Citing evidence of active exploitation in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday.

The following vulnerabilities are listed:

CVE-2026-2441 (CVSS score: 8.8): A use-after-free flaw in Google Chrome that could allow a remote attacker to exploit heap corruption through a specially constructed HTML page.

CVE-2024-7694 (CVSS score: 7.2): A vulnerability in TeamT5 ThreatSonar Anti-Ransomware versions 3.4.5 and earlier that may allow an attacker to upload malicious files and execute arbitrary system commands on the server.

CVE-2020-7796 (CVSS score: 9.8): A server-side request forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could give an attacker the ability to send a specially constructed HTTP request to a remote host and gain unauthorized access to private data.

CVE-2008-0015 (CVSS score: 8.8): A stack-based buffer overflow vulnerability in Microsoft Windows Video ActiveX Control that could enable remote code execution by an attacker using a specially constructed webpage.

The vulnerability was added to the KEV catalog days after Google admitted that "an exploit for CVE-2026-2441 exists in the wild." The method by which the vulnerability is being weaponized is unknown at this time; such information is usually kept secret until the majority of users have received a patch, in order to keep other threat actors from jumping on the exploitation bandwagon.

According to a March 2025 report by threat intelligence firm GreyNoise, a group of roughly 400 IP addresses was actively taking advantage of several SSRF vulnerabilities, including CVE-2020-7796, to target vulnerable instances in the United States, Germany, Singapore, India, Lithuania, and Japan.

According to Microsoft's threat encyclopedia, "when a user visits a web page containing an exploit detected as Exploit:JS/CVE-2008-0015, it may connect to a remote server and download other malware." Microsoft also stated that it is aware of instances in which the exploit is used to download and run Dogkild, a worm that spreads through removable drives. The worm can retrieve and execute additional binaries, overwrite specific system files, stop a lengthy list of security-related processes, and replace the Windows Hosts file in an effort to stop users from visiting websites linked to security programs.

The method of exploiting the TeamT5 ThreatSonar Anti-Ransomware vulnerability is currently unknown.

For best protection, agencies of the Federal Civilian Executive Branch (FCEB) are advised to implement the required fixes by March 10, 2026.