CISA Adds Four Actively Exploited Vulnerabilities to the KEV Catalog
Four additions to CISA’s KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four more vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. All four are confirmed to be under active exploitation.
The new entries range from a recent Google Chrome flaw to a Microsoft Windows issue from 2008. The vendors and time periods have nothing in common; the one shared trait is that attackers are using them right now.
CVE-2026-2441: Google Chrome Use-After-Free (CVSS 8.8)
This is the highest-severity issue in the group. It is a use-after-free flaw in Chrome that can trigger heap corruption through a crafted HTML page. The issue is remotely exploitable, and Google has acknowledged in-the-wild exploitation.
Browser bugs are especially effective as entry points. A user only needs to click a link, which makes these flaws powerful when combined with phishing. Chrome users should update immediately.
CVE-2024-7694: Arbitrary File Upload in TeamT5 ThreatSonar Anti-Ransomware (CVSS 7.2)
Ironically, the vulnerability is in an anti-ransomware product. TeamT5 ThreatSonar Anti-Ransomware up to version 3.4.5 contains an arbitrary file upload issue that can let an attacker execute arbitrary system commands on the server.
Security product vulnerabilities are especially dangerous because those products often run with elevated privileges. Federal Civilian Executive Branch agencies were given a remediation deadline of March 10, 2026.
CVE-2020-7796: Zimbra Collaboration Suite SSRF (CVSS 9.8)
This Zimbra SSRF vulnerability carries a near-maximum CVSS score of 9.8. It was originally disclosed in 2020, but exploitation continues. According to GreyNoise, roughly 400 IP addresses were actively exploiting it as of March 2025, with activity observed from the United States, Germany, Singapore, India, Lithuania, and Japan.
An attacker can gain unauthorized access to sensitive information simply by sending crafted HTTP requests. Because Zimbra is widely used as enterprise mail infrastructure, unpatched deployments remain attractive targets.
CVE-2008-0015: Microsoft Windows Video ActiveX Control Buffer Overflow (CVSS 8.8)
It is striking to see a 2008 vulnerability added to the KEV catalog in 2026. This is a stack-based buffer overflow in the Windows Video ActiveX Control that allows remote code execution through a crafted web page.
The Dogkild worm that exploits this flaw spreads through removable drives, terminates security processes, and modifies the Windows Hosts file. The fact that a 17-year-old vulnerability is still being actively abused says a lot about the risk posed by legacy systems.
What web developers should pay attention to
Of these four issues, the Chrome use-after-free flaw is the most directly relevant to web developers. Browsers used in development environments can also become attack targets, so it is worth checking that auto-update is enabled.
If your organization runs web-based collaboration software such as Zimbra, even a six-year-old CVE can still be a live threat if it has not been patched. CISA’s KEV catalog keeps reinforcing the same lesson: vulnerability management is not just about chasing the newest CVEs.
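To make that lesson concrete, the following added example (not from CISA or any vendor named here) ranks scanner findings by KEV membership instead of CVE year and flags the known-exploited entries that a "recent CVEs only" filter would hide. The field names follow the public KEV JSON feed; the hostnames, the placeholder CVE-2099-0001, the 2023 cutoff and the evaluation date are assumptions constructed for the illustration.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed. CVE IDs, products and the
# one dueDate come from the article; entries without a stated deadline omit it.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-2441", "vendorProject": "Google", "product": "Chrome"},
  {"cveID": "CVE-2024-7694", "vendorProject": "TeamT5",
   "product": "ThreatSonar Anti-Ransomware", "dueDate": "2026-03-10"},
  {"cveID": "CVE-2020-7796", "vendorProject": "Zimbra", "product": "Collaboration Suite"},
  {"cveID": "CVE-2008-0015", "vendorProject": "Microsoft",
   "product": "Windows Video ActiveX Control"}
]}
""")

# Constructed scanner findings as (host, CVE). Hostnames are hypothetical and
# CVE-2099-0001 is a placeholder for a finding that is not in the KEV catalog.
FINDINGS = [
    ("web02", "CVE-2099-0001"),
    ("dev-laptop3", "CVE-2026-2441"),
    ("mail01", "CVE-2020-7796"),
    ("edr-mgmt", "CVE-2024-7694"),
    ("kiosk07", "CVE-2008-0015"),
]

def triage(findings, feed, today, stale_before_year=2023):
    """Rank findings KEV-first and flag KEV hits a 'recent CVEs only' filter would drop."""
    kev = {v["cveID"]: v for v in feed["vulnerabilities"]}
    rows = []
    for host, cve in findings:
        entry = kev.get(cve)
        year = int(cve.split("-")[1])
        due = entry.get("dueDate") if entry else None
        rows.append({
            "host": host, "cve": cve, "in_kev": entry is not None,
            # KEV entry that an age-based cutoff (hypothetical policy) would hide
            "hidden_by_age_filter": entry is not None and year < stale_before_year,
            "overdue": bool(due) and date.fromisoformat(due) < today,
        })
    # Known-exploited first; within each group, oldest CVE first.
    rows.sort(key=lambda r: (not r["in_kev"], int(r["cve"].split("-")[1])))
    return rows

if __name__ == "__main__":
    for row in triage(FINDINGS, KEV_FEED, today=date(2026, 3, 11)):
        print(row)
```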
Reference: CISA Known Exploited Vulnerabilities Catalog