CISA KEV Catalog Update Feb 12 2026


On February 12, 2026, CISA added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. The addition confirms active exploitation in the wild and triggers a remediation mandate for federal agencies, while strongly signaling urgency for private organizations.

The required remediation date for these vulnerabilities is March 5, 2026.

Detailed Vulnerability Descriptions

The most critical addition is CVE-2024-43468, affecting Microsoft Configuration Manager. This is a remote code execution vulnerability stemming from an SQL injection flaw. It is particularly dangerous because it allows an unauthenticated attacker—someone without any login credentials—to execute arbitrary commands on the server or the underlying database. Because Configuration Manager is often used to manage large fleets of devices, a compromise here can give an attacker broad control over an organization’s internal network.

The second vulnerability, CVE-2025-15556, impacts Notepad++, specifically within its WinGUp auto-updater component. The flaw involves a “Code Download Without Integrity Check,” meaning the updater does not properly verify the authenticity of the files it pulls down. This allows attackers (potentially via a Man-in-the-Middle attack) to intercept the update process and force the application to download and execute malicious code masquerading as a legitimate update.
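The check this weakness class omits can be shown as an added example (not code from Notepad++, WinGUp, or the CISA entry). It assumes a hypothetical `Manifest` format, Ed25519 as the signature scheme, and a publisher public key pinned in the client; all keys and payload bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor: file name plus payload digest.
type Manifest struct {
	File   string
	SHA256 [32]byte
}

// encode returns the exact bytes that are signed and later verified.
func (m Manifest) encode() []byte {
	return append([]byte(m.File+"\x00"), m.SHA256[:]...)
}

// VerifyUpdate returns nil only if the manifest is signed by the pinned
// publisher key AND the downloaded payload matches the signed digest.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, sig, payload []byte) error {
	if !ed25519.Verify(pinned, m.encode(), sig) {
		return errors.New("manifest signature invalid")
	}
	if sha256.Sum256(payload) != m.SHA256 {
		return errors.New("payload digest mismatch")
	}
	return nil
}

// runCases exercises the check on constructed data and returns the three results.
func runCases() (genuine, swapped, unpinned error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway publisher key
	_, otherPriv, _ := ed25519.GenerateKey(nil) // key the client never pinned
	good, evil := []byte("constructed installer"), []byte("substituted bytes")
	m := Manifest{"update.exe", sha256.Sum256(good)}
	sig := ed25519.Sign(priv, m.encode())
	forged := Manifest{"update.exe", sha256.Sum256(evil)}
	genuine = VerifyUpdate(pub, m, sig, good)
	swapped = VerifyUpdate(pub, m, sig, evil) // payload replaced in transit
	// Manifest and payload both replaced, signed by the unpinned key.
	unpinned = VerifyUpdate(pub, forged, ed25519.Sign(otherPriv, forged.encode()), evil)
	return
}

func main() {
	g, s, u := runCases()
	fmt.Println("genuine:", g, "| swapped payload:", s, "| unpinned signer:", u)
}
```

A digest fetched over the same channel as the payload protects nothing on its own, which is why the signature over the manifest is checked first.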

CVE-2025-40536 targets SolarWinds Web Help Desk. This is a security control bypass vulnerability that allows an unauthenticated attacker to access restricted functionality within the help desk system. While this might be used individually to access sensitive ticket data, it is often chained with other exploits to gain deeper administrative access or to move laterally across the network, making it a high-priority fix for IT support infrastructure.

Finally, CVE-2026-20700 affects a broad range of Apple devices. This is a buffer overflow vulnerability where the software fails to properly handle the amount of data being written to a buffer. Attackers can exploit this memory corruption issue to execute arbitrary code or cause the device to crash (denial of service). Given the ubiquity of Apple devices in corporate environments, this poses a significant risk to endpoint security.
