CVE Updates (February 9 – 15, 2026)

Vuln Recap Editor,

Here are the CVE updates for the week of February 9th through the 15th.

๐Ÿ”ดย Critical Severity Vulnerabilities

Microsoft Configuration Manager SQL Injection Vulnerability (CISA KEV) | CVE-2024-43468

Description:
CVE-2024-43468 is a remote code execution vulnerability in Microsoft Configuration Manager. Specifically, attackers can send specially crafted requests to the Configuration Manager service to execute arbitrary code on a target system. Because the attack does not require local access, threat actors can exploit exposed services remotely. As a result, successful exploitation can grant full control over affected systems and compromise sensitive administrative functions.

Potential Impacts

  • Remote Code Execution: Attackers can directly execute arbitrary code on the Configuration Manager server.
  • System Compromise: Consequently, attackers may obtain full administrative control of the system.
  • Data Exposure: Sensitive configuration and operational data may be accessed or exfiltrated.
  • Service Disruption: Furthermore, malicious activity can disrupt Configuration Manager services or related infrastructure.

Mitigation Recommendations

  • Apply Security Updates: Immediately install the official Microsoft patch that resolves this vulnerability.
  • Restrict Network Access: Limit exposure of Configuration Manager services to trusted internal networks.
  • Monitor Logs: Regularly review system and network logs for unusual or suspicious activity.
  • Follow Least Privilege Principles: Reduce service account permissions to minimize potential impact.
  • Enable Endpoint Protection: Deploy security solutions that detect and block exploitation attempts.

SolarWinds Web Help Desk Security Control Bypass Vulnerability (CISA KEV) | CVE-2025-40536

Description:
SolarWinds Web Help Desk contains a security control bypass vulnerability that allows unauthenticated attackers to access restricted functionality. Because the application fails to properly enforce security controls, attackers can bypass authentication requirements and interact with protected components. Therefore, exposed systems face increased risk of unauthorized access and misuse.

Potential Impacts

  • Unauthorized Access: Attackers may access restricted features without valid credentials.
  • Information Disclosure: Sensitive configuration or system data may be exposed.
  • Service Manipulation: Additionally, attackers could alter help desk settings or disrupt operations.
  • Expanded Attack Surface: Once attackers access restricted components, they may attempt further exploitation or privilege escalation.

Mitigation Recommendations

  • Apply Security Updates: Install the latest SolarWinds patches immediately.
  • Restrict Network Access: Limit exposure to trusted networks or require VPN access.
  • Enforce Strong Authentication: Ensure all administrative endpoints require proper authentication.
  • Monitor Logs: Continuously review authentication and access logs for anomalies.
  • Implement Network Segmentation: Isolate management systems to reduce exposure.

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability (CISA KEV) | CVE-2026-1731

Description:
BeyondTrust Remote Support (RS) and certain older PRA versions contain a critical pre-authentication remote code execution vulnerability. Attackers can send specially crafted requests that trigger operating system command execution in the context of the site user. Because the flaw does not require authentication, attackers can exploit exposed systems directly. Consequently, organizations that expose these services face significant risk.

Potential Impacts

  • Pre-Authentication RCE: Attackers can execute arbitrary OS commands without credentials.
  • System Compromise: Successful exploitation can lead to full appliance or server takeover.
  • Privilege Escalation: Moreover, attackers may escalate privileges after gaining command execution.
  • Data Exposure: Sensitive session data, credentials, or configuration files may be accessed.
  • Service Disruption: Attackers can alter or disrupt remote support operations.

Mitigation Recommendations

  • Apply Vendor Patches: Immediately upgrade to patched BeyondTrust versions.
  • Restrict External Exposure: Limit management interfaces to trusted networks or VPN-only access.
  • Implement Network Segmentation: Isolate remote access systems from critical infrastructure.
  • Monitor for Indicators of Compromise: Proactively review logs for suspicious requests or command execution activity.

๐ŸŸ ย High Severity Vulnerabilities

Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability (CISA KEV) | CVE-2026-21511: This vulnerability affects Microsoft Office Outlook and allows attackers to conduct spoofing attacks over a network. Specifically, attackers can send crafted serialized data that manipulates how Outlook interprets information. As a result, they may impersonate trusted entities or alter communication context.

Microsoft Windows Shell Protection Mechanism Failure Vulnerability (CISA KEV) | CVE-2026-21510: Improper enforcement of security controls in Windows Shell allows attackers to bypass certain protections over a network. Consequently, attackers may circumvent restrictions and access protected functionality.

Microsoft Windows Improper Privilege Management Vulnerability (CISA KEV) | CVE-2026-21533: This vulnerability affects Windows Remote Desktop. An authorized local attacker can exploit inadequate privilege boundary enforcement to elevate permissions. Therefore, attackers may execute actions with higher privileges than intended.

Microsoft Windows Type Confusion Vulnerability (CISA KEV) | CVE-2026-21519: A type confusion issue in Desktop Window Manager allows local attackers to manipulate memory handling. As a result, attackers may gain elevated privileges and access sensitive system resources.

Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability (CISA KEV) | CVE-2026-21514: This vulnerability allows local attackers to manipulate untrusted input to bypass security protections in Word. Consequently, attackers may weaken built-in safeguards and perform further malicious actions.

Apple Multiple Buffer Overflow Vulnerability (CISA KEV) | CVE-2026-20700: This memory corruption vulnerability affects multiple Apple operating systems. Attackers with memory write capability can exploit improper state management to execute arbitrary code. Apple has indicated that sophisticated attackers previously exploited this issue in targeted attacks. However, updated OS versions now address the vulnerability.

Notepad++ Download of Code Without Integrity Check Vulnerability (CISA KEV) | CVE-2025-15556: Notepad++ versions prior to 8.8.9 fail to verify update integrity when using the WinGUp updater. Because the updater does not validate downloaded metadata cryptographically, attackers who intercept traffic can deliver malicious installers. Consequently, users may unknowingly execute arbitrary code.

๐ŸŸกย Medium Severity Vulnerabilities

Microsoft Windows NULL Pointer Dereference Vulnerability (CISA KEV) | CVE-2026-21525: This vulnerability affects Windows Remote Access Connection Manager. An attacker can trigger a denial-of-service condition by forcing the service to dereference a null pointer. As a result, the service may crash and disrupt remote access functionality.

Vim NetBeans Integration Stack Buffer Overflow Vulnerability | CVE-2026-26269: Vim versions prior to 9.1.2148 contain a stack buffer overflow in the NetBeans integration feature. Specifically, the special_keys() function writes data into a fixed-size buffer without proper bounds checking. Consequently, a malicious NetBeans server can send crafted commands that trigger memory corruption. However, Vim patch v9.1.2148 resolves this issue.

Post Views: 1
What You Missed Last Week

Leave a Reply

Your email address will not be published. Required fields are marked *