TechFeb 22, 2026updated6 minFour Critical Vulnerabilities Added to CISA KEV (From a Chromium Zero-Day to Default RCE)In the same week, CISA's KEV catalog gained a Chromium CSS engine UAF, a Roundcube RCE that hid for over a decade, a BeyondTrust RCE abused by ransomware, and a Dagu RCE due to no default authentication. All four require immediate patching.SecurityVulnerabilitiesCISAKEVRCEZero-DayChromiumRoundcubeBeyondTrust