The last seven days have shown a clear pattern: attackers continue to focus on high-impact, internet-exposed enterprise systems. Particularly relevant during this period were several actively exploited vulnerabilities that either enable direct remote code execution or bypass security-critical protection mechanisms. For SOC, IT operations and vulnerability management teams, this means prioritizing not only according to CVSS, but also according to confirmed exploitation, reachable attack surface and possible lateral movement in the corporate network.
Table of contents
- 1) Dell RecoverPoint (CVE-2026-22769): Critical hardcoded credentials, actively exploited
- 2) BeyondTrust RS/PRA (CVE-2026-1731): Pre-Auth RCE with high enterprise relevance
- 3) Chromium/browser stack (CVE-2026-2441): Exploitable use-after-free in the client footprint
- 4) Microsoft Configuration Manager (CVE-2024-43468): central attack lever in large environments
- 5) What companies should do now (72h plan)
1) Dell RecoverPoint (CVE-2026-22769): Critical hardcoded credentials, actively exploited
CVE-2026-22769 is a top risk for enterprise environments in several respects. According to NVD, the CVSS score is 10.0 (Critical). At the heart of the problem are hardcoded credentials (CWE-798) in Dell RecoverPoint for Virtual Machines (RP4VMs), which can give an unauthenticated attacker access to the underlying operating system, up to and including root-level persistence.
Particularly serious: CISA added the vulnerability to the KEV catalog on 18.02.2026, which confirms active exploitation. This is critical for companies with recovery and DR infrastructure, as such systems are often deeply integrated into virtualization and storage landscapes. A successful attack can compromise not only a single system, but potentially a company's entire recovery path.
Operational priority: Immediate identification of all affected RP4VM instances, rapid installation of the remediation/hotfixes provided by Dell and checking for unauthorized access. In addition, admin access, outgoing management communication and persistence indicators (e.g. unknown root tasks/accounts) should be closely monitored.
2) BeyondTrust RS/PRA (CVE-2026-1731): Pre-Auth RCE with high enterprise relevance
CVE-2026-1731 affects BeyondTrust Remote Support and older PRA versions. According to NVD, the vulnerability allows the execution of operating system commands without authentication (pre-auth); the scores are CVSS v3.1: 9.8 and CVSS v4.0: 9.9. This is an ideal entry point for attackers because no valid credentials are required and the affected systems typically provide privileged access in corporate environments.
The vulnerability was included in CISA KEV on 13.02.2026. This makes it not only theoretically critical, but also practically relevant. In many companies, remote support and privileged access platforms are connected to central administration processes. A compromise can therefore have a direct impact on administration, incident response and downstream systems.
For Blue Teams, this means prioritizing patching/upgrading, reducing the Internet exposure of these services in the short term (e.g. via restrictive access policies/VPN enforcement) and checking telemetry for suspicious command execution in the context of the site user. In addition, recently used privileged sessions should be reviewed retrospectively.
3) Chromium/browser stack (CVE-2026-2441): Exploitable use-after-free in the client footprint
CVE-2026-2441 addresses a use-after-free flaw in the CSS processing of Chromium-based browsers. NVD rates the vulnerability as CVSS 8.8 and CISA added it to the KEV catalog on 17.02.2026. This is a classic pattern: widespread client software, high prevalence in the enterprise endpoint population and confirmed exploitation.
Even though browser vulnerabilities are often initially categorized as an "endpoint issue", the operational impact is regularly underestimated. Browsers are primary entry vectors for initial access, especially in targeted phishing campaigns and watering hole scenarios. In combination with insufficiently segmented workstations, local privileges or weak EDR policies, a single successful exploit can become a bridge into the corporate network.
Prioritized measure: Comprehensive rollout of the versions published by Google (at least 145.0.7632.75/76 per platform), including validation via endpoint inventory instead of pure rollout confirmation. In addition, browser hardening (isolation mechanisms, restrictive extension policies) and awareness measures for increased phishing risk make sense.
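The difference between a rollout confirmation and an inventory-based validation can be shown with a short check. This is an added example, not part of the original article: host names and the inventory records are constructed, and because the article does not say which platform gets .75 and which .76, the lower build is assumed as the floor for all platforms.

```python
import re

# Minimum fixed build quoted in the article; .75 is used as the floor for
# every platform (assumption, the per-platform split is not given there).
MIN_FIXED = (145, 0, 7632, 75)

# Constructed sample data: hosts the deployment tool reports as "done"
# versus what the endpoint inventory actually observed.
ROLLOUT_CONFIRMED = {"ws-001", "ws-002", "ws-003", "ws-004"}
INVENTORY = [
    {"host": "ws-001", "version": "145.0.7632.76"},
    {"host": "ws-002", "version": "144.0.7559.110"},  # confirmed, old build still running
    {"host": "ws-003", "version": "145.0.7632.75"},
    {"host": "ws-005", "version": "145.0.7632.9"},    # 9 < 75 as numbers, but "9" > "75" as text
    {"host": "ws-006", "version": "unknown"},
]

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    if not re.fullmatch(r"\d+(\.\d+){3}", text or ""):
        return None
    return tuple(int(part) for part in text.split("."))

def verify_rollout(confirmed, inventory, minimum=MIN_FIXED):
    """Classify hosts by the version the inventory saw, not by rollout status."""
    result = {"verified": [], "outdated": [], "unparseable": []}
    seen = set()
    for record in inventory:
        seen.add(record["host"])
        version = parse_version(record["version"])
        if version is None:
            result["unparseable"].append(record["host"])
        elif version >= minimum:          # numeric tuple comparison
            result["verified"].append(record["host"])
        else:
            result["outdated"].append(record["host"])
    # Reported as rolled out, but the inventory has no record of the host.
    result["missing"] = sorted(confirmed - seen)
    # Reported as rolled out, yet a vulnerable build is still in use.
    result["false_confirmations"] = sorted(set(result["outdated"]) & confirmed)
    return result

if __name__ == "__main__":
    for bucket, hosts in verify_rollout(ROLLOUT_CONFIRMED, INVENTORY).items():
        print(f"{bucket}: {hosts}")
```

The `false_confirmations` and `missing` buckets are the hosts a pure rollout report would count as patched.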
4) Microsoft Configuration Manager (CVE-2024-43468): central attack lever in large environments
Although CVE-2024-43468 is older, it was included in CISA KEV on February 12, 2026 and is therefore highly relevant to operations in the current 7-day window. NVD lists a CVSS score of 9.8; the vulnerability affects Microsoft Configuration Manager, a central management component in many corporate networks.
This is precisely where the strategic risk lies: vulnerabilities in central management platforms act as a multiplier. If an attacker succeeds in compromising them, large-scale manipulation is possible, for example via distributed software packages, policy changes or access to administrative artifacts. Such platforms are therefore not just "another server", but often a Tier 0 control point.
Companies should quickly check which ConfigMgr versions are in use, accelerate the rollout of the updates named in the Microsoft advisory and restrict admin access to the smallest necessary group. At the same time, a targeted hunt for unusual admin operations and suspicious changes to deployment objects is recommended.
5) What companies should do now (72h plan)
1. Prioritize exploited-first: Transfer all new vulnerabilities added to the KEV catalog in the last seven days to a dedicated fast-track board. CVSS remains important, but confirmed exploitation is the primary triage factor.
2. Reduce internet exposure immediately: For BeyondTrust, RecoverPoint and comparable management interfaces, minimize external accessibility in the short term. Where possible: IP allowlisting, VPN enforcement, additional access protection.
3. Combine patch + verification: Not just "rolled out", but technically verified (version, hash, successful service restart, telemetry ok). Deviations are particularly common in browser and agent rollouts.
4. Plan for a compromise assessment: In the case of actively exploited vulnerabilities, always assume a possible prior compromise. Check logs for auth anomalies, new persistence artifacts and unusual admin activities.
5. Focus the communication chain: The SOC, IT operations, platform owner and CISO layer should use a common situation picture with fixed escalation windows (e.g. 24/48/72h) for this class of vulnerabilities.
Conclusion: Last week's development confirms once again that attackers prefer to target areas where high privileges, central management functions or massive distribution come together. Companies that establish "actively exploited + CVSS≥8 + enterprise function" as a hard prioritization logic measurably shorten their exposure time and improve their incident resilience at the same time.
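The fast-track board from step 1 and the prioritization rule from the conclusion can be expressed as one filter. This is an added example, not part of the original article: the sample is constructed in the shape of the CISA KEV JSON feed (`cveID`, `dateAdded`) using the dates and scores quoted above, while the `CVE-0000-*` rows, the `ASSETS` mapping and its exposure flags are hypothetical.

```python
from datetime import date, timedelta

REFERENCE_DATE = date(2026, 2, 18)  # catalog version date cited in the sources

# Constructed sample shaped like the KEV feed. The CVE-0000-* rows are
# placeholders added only to exercise the filters.
KEV = {"vulnerabilities": [
    {"cveID": "CVE-2026-22769", "dateAdded": "2026-02-18"},
    {"cveID": "CVE-2026-1731", "dateAdded": "2026-02-13"},
    {"cveID": "CVE-2026-2441", "dateAdded": "2026-02-17"},
    {"cveID": "CVE-2024-43468", "dateAdded": "2026-02-12"},
    {"cveID": "CVE-0000-0001", "dateAdded": "2025-11-03"},  # outside the window
    {"cveID": "CVE-0000-0002", "dateAdded": "2026-02-16"},  # product not deployed
]}
# CVSS scores as quoted in the article (placeholder scores are made up).
CVSS = {"CVE-2026-22769": 10.0, "CVE-2026-1731": 9.8, "CVE-2026-2441": 8.8,
        "CVE-2024-43468": 9.8, "CVE-0000-0001": 9.1, "CVE-0000-0002": 9.0}
# Hypothetical asset context: (enterprise function, internet-exposed).
ASSETS = {
    "CVE-2026-22769": ("disaster recovery", False),
    "CVE-2026-1731": ("privileged remote access", True),
    "CVE-2026-2441": ("endpoint browser fleet", False),
    "CVE-2024-43468": ("central endpoint management", False),
}

def fast_track(kev, cvss, assets, today, window_days=7, min_cvss=8.0):
    """Return (CVE, function) pairs for the fast-track board, most urgent first."""
    cutoff = today - timedelta(days=window_days)
    board = []
    for entry in kev["vulnerabilities"]:
        cve = entry["cveID"]
        added = date.fromisoformat(entry["dateAdded"])
        if not (cutoff <= added <= today):
            continue  # not newly confirmed as exploited
        if cvss.get(cve, 0.0) < min_cvss:
            continue  # below the severity gate (unknown score counts as 0)
        if cve not in assets:
            continue  # no affected enterprise function in the inventory
        function, exposed = assets[cve]
        board.append((not exposed, -cvss[cve], added, cve, function))
    # Internet-exposed first, then highest CVSS, then earliest KEV listing.
    return [(cve, function) for _, _, _, cve, function in sorted(board)]

if __name__ == "__main__":
    for cve, function in fast_track(KEV, CVSS, ASSETS, REFERENCE_DATE):
        print(cve, "->", function)
```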
Sources (verified)
- CISA - Known Exploited Vulnerabilities Catalog (Version 2026.02.18), 18.02.2026: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- NVD - CVE-2026-22769 (Dell RecoverPoint), last modified 02/18/2026: https://nvd.nist.gov/vuln/detail/CVE-2026-22769
- Dell Security Advisory DSA-2026-079, 2026: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079
- NVD - CVE-2026-1731 (BeyondTrust RS/PRA), last modified 17.02.2026: https://nvd.nist.gov/vuln/detail/CVE-2026-1731
- BeyondTrust Advisory BT26-02, 2026: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
- NVD - CVE-2026-2441 (Chromium), last modified 18.02.2026: https://nvd.nist.gov/vuln/detail/CVE-2026-2441
- Google Chrome Releases (Stable Channel Update), 13.02.2026: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
- NVD - CVE-2024-43468 (Microsoft Configuration Manager), last modified 13.02.2026: https://nvd.nist.gov/vuln/detail/CVE-2024-43468
- MSRC - CVE-2024-43468, 2026 update context: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468
