Tech Feb 22, 2026 updated 6 min Four Critical Vulnerabilities Added to CISA KEV (From a Chromium Zero-Day to Default RCE) In the same week, CISA's KEV catalog gained a Chromium CSS engine UAF, a Roundcube RCE that hid for over a decade, a BeyondTrust RCE abused by ransomware, and a Dagu RCE due to no default authentication. All four require immediate patching. Security Vulnerabilities CISA KEV RCE Zero-Day Chromium Roundcube BeyondTrust
