Security
5 min read
Vulnérabilités zero-day découvertes cette semaine — Février 2026
Vulnérabilités zero-day critiques découvertes cette semaine. Analyse des CVE, état d'exploitation et mesures correctives.
This Week's Critical Zero-Day Vulnerabilities
The last week of February 2026 has been exceptionally active for zero-day disclosures. Multiple critical vulnerabilities affecting widely deployed enterprise software have been discovered under active exploitation. Here's what security teams need to know and act on immediately.
CVE-2026-1847: Cisco IOS XE Remote Code Execution
CVSS: 9.8 Critical | Active Exploitation Confirmed
A critical unauthenticated remote code execution vulnerability in Cisco IOS XE's web UI management interface. Attackers are exploiting this to deploy persistent backdoors on enterprise routers and switches.
- Affected: Cisco IOS XE devices with web UI enabled
- Impact: Complete device takeover, network traffic interception, lateral movement pivot
- Exploitation: Mass scanning detected since February 22. Estimated 45,000 exposed devices globally
- Fix: Disable web UI immediately. Patch available as of February 24.
CVE-2026-0892: Microsoft Exchange Server Privilege Escalation
CVSS: 9.1 Critical | Active Exploitation Confirmed
A privilege escalation vulnerability in Microsoft Exchange Server allows an authenticated attacker with low privileges to gain SYSTEM-level access. Combined with phishing, this provides full mailbox access across the organization.
- Affected: Exchange Server 2019 CU14 and earlier
- Impact: Full email compromise, credential harvesting, persistent backdoor
- Exploitation: Targeted attacks against financial sector and government institutions
- Fix: Emergency patch KB5035123. Apply immediately.
CVE-2026-2103: Linux Kernel Netfilter Use-After-Free
CVSS: 8.4 High | PoC Available
A use-after-free vulnerability in the Linux kernel's Netfilter subsystem enables local privilege escalation to root. While not remotely exploitable alone, it's being chained with web application vulnerabilities for full server compromise.
- Affected: Linux kernel 5.15 through 6.7
- Impact: Container escape, root privilege escalation
- Exploitation: PoC published on GitHub. Exploitation in the wild expected within days
- Fix: Kernel patches available for major distributions. Update and reboot.
CVE-2026-1654: VMware vCenter Server Authentication Bypass
CVSS: 9.4 Critical | Active Exploitation Confirmed
An authentication bypass in VMware vCenter Server allows unauthenticated attackers to gain administrative access to the virtualization management platform. This is particularly dangerous as it can lead to compromise of all hosted virtual machines.
- Affected: vCenter Server 8.0 Update 2 and earlier
- Impact: Complete virtual infrastructure takeover
- Exploitation: APT groups targeting managed service providers and cloud hosting
- Fix: VMware emergency patch VMSA-2026-0004. Apply within 24 hours.
⚠️ Immediate Action Required
If you run any of the affected software, patch NOW. Don't wait for your normal patch cycle. These vulnerabilities are under active exploitation and automated scanning is widespread.
Trends: Why Zero-Days Are Accelerating
2026 is on track to surpass 2025's record of 97 zero-day vulnerabilities. Several factors drive this acceleration:
- AI-assisted vulnerability discovery — Both researchers and attackers use AI to find bugs faster
- Expanded attack surfaces — Cloud, IoT, and hybrid environments create more targets
- Vulnerability brokers — Growing market for zero-days with prices exceeding $2.5M for mobile chains
- Patch lag — Average time to patch remains 60+ days despite shrinking exploitation windows
How to Protect Your Organization
- Continuous vulnerability scanning — Automated tools detect known CVEs within hours of disclosure
- Virtual patching — WAF rules and IPS signatures as interim protection
- Attack surface reduction — Disable unnecessary services, restrict management interfaces
- Network segmentation — Limit blast radius even if exploitation succeeds
- Threat intelligence feeds — Subscribe to CISA KEV, vendor advisories, and industry ISACs
Find Vulnerabilities Before Attackers Do
KENSAI's AI-powered scanner checks for the latest CVEs including this week's zero-days. Get continuous monitoring with instant alerts when new critical vulnerabilities affect your infrastructure.
Scan for Zero-Days Now →
← Back to Blog