Top Cyber Security Vulnerabilities – February 2026 Roundup

1. CVE-2026-20127 (Cisco Catalyst SD-WAN Authentication Bypass)

• Vulnerability Description: A critical flaw exists in the peering authentication mechanism of Cisco Catalyst SD-WAN Controllers (formerly vSmart) and Managers (formerly vManage). An unauthenticated, remote attacker can send specifically crafted requests to bypass authentication protocols entirely. This grants unauthorized access to the NETCONF interface, allowing the attacker to manipulate network fabric configurations, redirect sensitive traffic, or establish persistent administrative control over the entire software defined network.
• Severity and Score: Critical (CVSS 10.0)
• Vulnerability Type: Authentication Bypass (CWE-287)
• Disclosure Date: February 25, 2026
• Exploitation Status: Actively Exploited. This has been linked to the threat actor group UAT-8616, which has used this bypass to compromise federal and large scale enterprise SD-WAN infrastructure globally.
• Mitigation Strategies: Upgrade to the latest Cisco Catalyst SD-WAN software versions immediately. Organizations should also implement strict network segmentation, monitor control connection peering logs for unexpected behavior, and strictly follow the official Cisco SD-WAN Hardening Guide.

2. CVE-2026-22769 (Dell RecoverPoint for VMs Hardcoded Credentials)

• Vulnerability Description: Dell RecoverPoint for Virtual Machines (versions prior to 6.0.3.1 HF1) contained embedded, static credentials within the system image. An unauthenticated remote attacker with knowledge of these credentials can bypass standard login procedures to gain root level access to the underlying operating system. This is an exceptionally severe threat because it provides attackers with absolute persistence within the backup and disaster recovery infrastructure.
• Severity and Score: Critical (CVSS 10.0)
• Vulnerability Type: Use of Hardcoded Credentials (CWE-798)
• Disclosure Date: February 17, 2026
• Exploitation Status: Actively Exploited. This activity is currently attributed to the threat actor UNC6201. Backup systems are prime targets for modern ransomware groups because they store high value sensitive data and provide a “master key” to enterprise recovery operations.
• Mitigation Strategies: Apply security update 6.0.3.1 HF1 or higher. Until patching is complete, isolate backup appliances from the public internet and restrict access strictly to trusted, air gapped administrative subnets.

3. CVE-2026-21513 (Microsoft MSHTML Security Feature Bypass)

• Vulnerability Description: This is a protection mechanism failure in the legacy MSHTML (Trident) engine that remains integrated within Windows for compatibility. Attackers can bypass built in security features (such as Mark of the Web prompts and warnings) by tricking users into opening crafted HTML files or shortcuts. This allows attacker controlled content, which often contains malicious scripts or secondary payloads, to execute without the user’s consent or the typical system warnings that indicate a file is dangerous.
• Severity and Score: High (CVSS 8.8)
• Vulnerability Type: Security Feature Bypass (CWE-693)
• Disclosure Date: February 10, 2026
• Exploitation Status: Actively Exploited (Zero Day). This is frequently used in targeted phishing campaigns to deliver secondary malware by suppressing the operating system’s built in security alerts.
• Mitigation Strategies: Deploy the February 2026 Patch Tuesday updates immediately. Utilize Attack Surface Reduction (ASR) rules to prevent Office applications from creating child processes and disable the execution of unsigned files through the Windows Shell.

4. CVE-2026-2441 (Google Chrome CSS Use-After-Free)

• Vulnerability Description: A high severity use after free vulnerability was located within the CSS component of the Google Chrome rendering engine. When the browser processes a malicious webpage, a failure in memory management leads to a “dangling pointer.” This memory corruption can be exploited by a remote attacker to execute arbitrary code within the sandboxed environment of the browser, potentially leading to a full system escape if chained with other flaws.
• Severity and Score: High (CVSS 8.8)
• Vulnerability Type: Use-After-Free (CWE-416)
• Disclosure Date: February 13, 2026
• Exploitation Status: Actively Exploited. This was the first major Chrome zero day of 2026, forcing a rapid, out of band update across the entire Chromium ecosystem including Edge and Brave.
• Mitigation Strategies: Update Google Chrome to version 145.0.7632.75 (for Windows and macOS) or 144.0.7559.75 (for Linux) or higher. IT admins should enforce browser restarts to ensure background updates are fully applied.

5. CVE-2026-21533 (Windows Remote Desktop Services Privilege Escalation)

• Vulnerability Description: A vulnerability in the Remote Desktop Services (RDS) architecture allows an attacker who already has limited user access to a system to manipulate service configuration registry keys. By replacing or modifying these keys, the attacker can escalate their local permissions to the “SYSTEM” level. This provides them with full control over the compromised machine and the ability to disable security software.
• Severity and Score: High (CVSS 7.8)
• Vulnerability Type: Improper Privilege Management (CWE-269)
• Disclosure Date: February 10, 2026
• Exploitation Status: Actively Exploited. This is a key component in lateral movement campaigns, enabling attackers to upgrade from a standard user account to an Administrator or SYSTEM account after an initial breach.
• Mitigation Strategies: Apply the Microsoft February 2026 security patches. Disable RDS on machines where it is not required for business operations and enforce strict “Least Privilege” policies that prevent standard users from making registry modifications.

6. CVE-2026-20700 (Apple dyld Memory Corruption)

• Vulnerability Description: This is a critical memory corruption flaw in dyld (the Dynamic Link Editor). This is the fundamental component responsible for loading dynamic libraries on Apple devices. An attacker with memory write capability can corrupt the internal state of dyld to execute arbitrary code. This bypasses the entire Apple chain of trust, including mandatory code signing and application sandboxing.
• Severity and Score: High (CVSS 7.8)
• Vulnerability Type: Memory Corruption and Arbitrary Code Execution
• Disclosure Date: February 20, 2026
• Exploitation Status: Actively Exploited. Reports indicate this zero day has been used in highly targeted surveillance attacks against high profile individuals and journalists.
• Mitigation Strategies: Update all Apple devices (iOS, macOS, and visionOS) to the latest security releases such as iOS 26.3. For high risk users, enable Lockdown Mode to significantly reduce the potential attack surface.

7. CVE-2026-21510 (Windows Shell Security Feature Bypass)

• Vulnerability Description: A failure in the Windows Shell mechanism prevents proper validation of remotely delivered content. By enticing a user to click a malicious link or a specially crafted .lnk (shortcut) file, an attacker can completely bypass Windows SmartScreen prompts. This allows malicious code to run silently without the standard “Do you want to run this file?” dialog that users rely on.
• Severity and Score: High (CVSS 8.8)
• Vulnerability Type: Protection Mechanism Failure (CWE-693)
• Disclosure Date: February 10, 2026
• Exploitation Status: Actively Exploited (Zero Day). This is a potent tool for bypassing modern defensive warnings that users rely on to identify suspicious files.
• Mitigation Strategies: Apply February Patch Tuesday updates. Configure email and web security policies to block the execution of shortcut files originating from external, untrusted sources.

8. CVE-2026-1670 (Honeywell CCTV Authentication Bypass)

• Vulnerability Description: A critical flaw was identified in specific Honeywell CCTV camera series. The device exposes an unauthenticated API endpoint that allows an attacker to remotely change the “forgot password” recovery email address. This effectively allows an attacker to perform a full account takeover, gaining total access to live video feeds, recorded footage, and system settings.
• Severity and Score: Critical (CVSS 9.8)
• Vulnerability Type: Missing Authentication for Critical Function (CWE-306)
• Disclosure Date: February 18, 2026
• Exploitation Status: Publicly Disclosed. The vulnerability is subject to active monitoring as exploitation techniques are now circulating in the wild.
• Mitigation Strategies: Update camera firmware to the latest manufacturer provided versions immediately. Isolate all IoT and CCTV devices on a dedicated, non routable VLAN and ensure they are never exposed directly to the public internet.

Key Takeaways for Security Leadership

The vulnerabilities disclosed in February 2026 reinforce a clear reality. Attackers are increasingly targeting systems that control infrastructure rather than individual endpoints. SD-WAN controllers, backup platforms, operating system components, and surveillance systems now represent high value attack surfaces because they provide deep operational access once compromised.

For security leaders, this means vulnerability management can no longer be treated as a routine patching exercise. It requires continuous monitoring, faster remediation cycles, and a clear understanding of which systems pose the highest operational risk. Organizations that delay patching or lack visibility into their infrastructure layers remain the most exposed.

Regular vulnerability assessments, proactive monitoring, and strong network segmentation play a critical role in reducing this risk. Our cybersecurity services are designed to help organizations identify exploitable weaknesses early, strengthen their defensive posture, and respond quickly to emerging threats across cloud, network, and endpoint environments.

As new vulnerabilities continue to surface each month, maintaining a structured and disciplined security program remains one of the most effective ways to protect critical systems and business continuity.