U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog
U.S. cybersecurity agency CISA has added four high-risk vulnerabilities to its Known Exploited Vulnerabilities catalog, covering a Google Chromium CSS zero-day, Microsoft Windows remote code execution, arbitrary file upload in TeamT5's anti-ransomware product, and server-side request forgery in Zimbra. Government agencies must remediate them by March 10 to address potential threats.

2026-2-18 10:55:32 Author: securityaffairs.com

Pierluigi Paganini February 18, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

  • CVE-2008-0015 (CVSS score of 8.8) Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
  • CVE-2020-7796 (CVSS score of 9.8) Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
  • CVE-2024-7694 (CVSS score of 7.2) TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
  • CVE-2026-2441 (CVSS score of 8.8) Google Chromium CSS Use-After-Free Vulnerability

The first flaw added to the catalog is CVE-2026-2441, a use-after-free in the CSS component of Google Chrome prior to 145.0.7632.75. This week, Google released urgent security updates to address this high-severity zero-day vulnerability. This is the first actively exploited Chrome zero-day fixed in 2026, after eight similar flaws were patched in 2025.

An attacker could exploit the flaw to compromise affected systems. The issue was discovered and responsibly reported by security researcher Shaheen Fazim on February 11, 2026.

“CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim on 2026-02-11.” reads Google’s advisory. “Google is aware that an exploit for CVE-2026-2441 exists in the wild.”

Google has confirmed that an exploit for CVE-2026-2441 exists in the wild, but has not shared details about how it is being used or which threat actor is behind the exploitation of the flaw.

The second flaw, tracked as CVE-2024-7694, impacts TeamT5 ThreatSonar Anti-Ransomware. The issue is an arbitrary file upload vulnerability due to improper validation of uploaded content. An authenticated attacker with administrator privileges can upload crafted malicious files to the platform. This may allow arbitrary system command execution on the server, potentially leading to full system compromise, data exposure, and disruption of security functions.

The third flaw added to the catalog, tracked as CVE-2020-7796, impacts Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. The issue is an SSRF that can be exploited if the WebEx Zimlet is installed and its JSP component is enabled. An attacker can trick the server into making unauthorized outbound requests, potentially accessing internal services or sensitive resources. In March 2025, threat intelligence firm GreyNoise observed Grafana path traversal exploitation attempts before the Server-Side Request Forgery (SSRF) surge on March 9, suggesting that attackers may be leveraging Grafana as an initial entry point for deeper exploitation. One of the vulnerabilities exploited in the attacks observed by the experts is CVE-2020-7796. Most SSRF exploitation attempts targeted entities in the United States, Germany, Singapore, India, Lithuania, Japan, and Israel.

The experts warned that attackers leverage SSRF for pivoting, reconnaissance, and cloud exploitation.

The last flaw added to the catalog, tracked as CVE-2008-0015, is a stack-based buffer overflow in CComVariant::ReadFromStream within ATL, used by the MPEG2TuneRequest ActiveX control (msvidctl.dll) in DirectShow, that affects multiple legacy Windows versions. A crafted web page can trigger remote code execution. The flaw was exploited in the wild in July 2009.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by March 10, 2026.
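
One way to turn these four additions into a patch worklist, as an added example that is not from the article or from CISA. `cveID` and `dueDate` follow the KEV JSON field names; `product_key`, `fixed_in` and the inventory rows are hypothetical, and the sample hosts and installed versions are constructed.

```python
import re
from datetime import date

# CVE IDs, fixed versions and the due date come from the article; "product_key"
# and "fixed_in" are hypothetical helper fields, not part of the KEV schema.
KEV = [
    {"cveID": "CVE-2026-2441", "product_key": "chrome", "fixed_in": "145.0.7632.75", "dueDate": "2026-03-10"},
    {"cveID": "CVE-2020-7796", "product_key": "zimbra", "fixed_in": "8.8.15 Patch 7", "dueDate": "2026-03-10"},
    {"cveID": "CVE-2024-7694", "product_key": "threatsonar", "fixed_in": None, "dueDate": "2026-03-10"},
    {"cveID": "CVE-2008-0015", "product_key": "msvidctl", "fixed_in": None, "dueDate": "2026-03-10"},
]

# Constructed inventory: hosts and installed versions are invented sample data.
INVENTORY = [
    {"host": "ws-01", "product_key": "chrome", "version": "144.0.7559.97"},
    {"host": "ws-02", "product_key": "chrome", "version": "145.0.7632.75"},
    {"host": "mail-01", "product_key": "zimbra", "version": "8.8.15 Patch 10"},
    {"host": "mail-02", "product_key": "zimbra", "version": "8.8.15"},
    {"host": "edr-01", "product_key": "threatsonar", "version": "unknown"},
]

def version_key(text):
    """'145.0.7632.75' or '8.8.15 Patch 7' -> tuple of ints, so Patch 10 sorts after Patch 7."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def triage(inventory, kev, today):
    """Return (host, cveID, status, days_left) for every asset that still needs action."""
    findings = []
    for asset in inventory:
        for entry in kev:
            if entry["product_key"] != asset["product_key"]:
                continue
            if entry["fixed_in"] is None:
                status = "verify"  # the article gives no fixed version: check the vendor advisory
            elif version_key(asset["version"]) < version_key(entry["fixed_in"]):
                status = "vulnerable"
            else:
                continue  # already at or above the fixed version
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            findings.append((asset["host"], entry["cveID"], status, days_left))
    return findings

if __name__ == "__main__":
    for row in triage(INVENTORY, KEV, date(2026, 2, 18)):
        print(*row)
```

For CVE-2020-7796, a "vulnerable" row should also be checked against the precondition the article gives (WebEx Zimlet installed with its JSP component enabled) when deciding how urgently to schedule the update.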

Article source: https://securityaffairs.com/188163/uncategorized/u-s-cisa-adds-google-chromium-css-microsoft-windows-teamt5-threatsonar-anti-ransomware-and-zimbra-flaws-to-its-known-exploited-vulnerabilities-catalog.html