CISA adds SolarWinds, Microsoft, Apple, Notepad++ vulnerabilities to KEV catalog


February 13, 2026
By Laura French

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog Thursday, including critical vulnerabilities in SolarWinds Web Help Desk (WHD) and Microsoft Configuration Manager, and additional flaws in Notepad++ and Apple operating systems.

The most urgent flaw, tracked as CVE-2025-40536, is a security protection bypass in SolarWinds WHD with a CVSS score of 9.8. According to Horizon3.ai researchers who discovered the flaw, the logic SolarWinds WHD uses to perform CSRF checks relies on a whitelist to validate query parameters, which can be bypassed using crafted URI parameters to access restricted functionality without authentication. SolarWinds patched this vulnerability on Jan. 28, 2026, in version 2026.1. Microsoft reported on Feb. 6 on an active threat campaign targeting SolarWinds WHD but could not confirm whether CVE-2025-40536 or another vulnerability was being used. Federal Civilian Executive Branch (FCEB) agencies were given until Feb. 15, 2026, a three-day deadline, to patch CVE-2025-40536.

A second critical vulnerability added to the KEV catalog, tracked as CVE-2024-43468, is a SQL injection vulnerability in Microsoft Configuration Manager that could lead to remote code execution (RCE). It has a critical CVSS score of 9.8 and was first disclosed in October 2024. Synacktiv researchers who discovered the vulnerability found that the getMachineID function, which processes XML-based messages sent from Microsoft Configuration Manager clients to the MP_Location endpoint, did not properly sanitize input before using it to construct SQL queries. The researchers were thus able to craft an XML document that executes arbitrary commands on the SQL database, which could be escalated to RCE on the underlying server by activating the xp_cmdshell procedure. This vulnerability could be exploited without authentication via an HTTP request to the internet-exposed endpoint. CVE-2024-43468 affects Microsoft Configuration Manager versions 2403, 2309 and 2303 and is addressed by security update KB29166583. Proof-of-concept (PoC) exploit code was published by Synacktiv on Nov. 26, 2024. Due to active exploitation, FCEB agencies are required to patch this vulnerability by March 5, 2026.

CISA also added vulnerabilities in Apple operating systems and Notepad++ to the KEV catalog on Thursday. The Apple flaw, tracked as CVE-2026-20700, was exploited as a zero-day and patched on Feb. 11, 2026. The vulnerability, which has a high CVSS score of 7.8, could enable an attacker with memory write capability to execute arbitrary code. Apple said the flaw was potentially exploited in an “extremely sophisticated” attack involving “specific targeted individuals.” The issue was fixed in version 26.3 of iOS, iPadOS, macOS Tahoe, watchOS, tvOS and visionOS. FCEB agencies are required to patch by March 5, 2026.

Lastly, a Notepad++ flaw that enabled malicious updates to be installed in a state-sponsored supply chain attack was added to the KEV catalog. The attack, which Rapid7 attributed to the China-backed threat group Lotus Blossom, stemmed from a compromise of Notepad++’s website hosting provider, which allowed the attackers to push malicious updates to some targeted users. While the initial compromise was not due to a Notepad++ vulnerability, the flaw tracked as CVE-2025-15556 allowed the malicious updates to be installed because update metadata and installers were not cryptographically verified. The flaw has a CVSS score of 7.7 and was fixed in version 8.8.9, with FCEB agencies given until March 5, 2026, to patch.
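The root cause described for CVE-2024-43468 above, a client-supplied XML field placed into SQL text, is shown here next to its fix as an added example; it is not code from the article, Synacktiv or Microsoft. The message layout, table and function names are hypothetical, and SQLite stands in for SQL Server.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample messages; element and attribute names are hypothetical,
# not the real Configuration Manager wire format.
BENIGN = """<Request><Machine id="GUID:1111"/></Request>"""
HOSTILE = """<Request><Machine id="GUID:0000' OR '1'='1"/></Request>"""

ID_RE = re.compile(r"GUID:[0-9A-Fa-f-]{1,36}")


def make_db():
    """Build a small in-memory inventory table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE machines (guid TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO machines VALUES (?, ?)",
                   [("GUID:1111", "ws-01"), ("GUID:2222", "ws-02")])
    return db


def client_id(message):
    """Extract the client-controlled identifier from the XML message."""
    return ET.fromstring(message).find("Machine").get("id")


def is_valid_id(value):
    """Allow-list check: reject anything that is not a well-formed identifier."""
    return ID_RE.fullmatch(value) is not None


def lookup_concatenated(db, message):
    """'Before' pattern: the client value becomes part of the SQL text."""
    sql = "SELECT name FROM machines WHERE guid = '" + client_id(message) + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_parameterized(db, message):
    """'After' pattern: the value is bound as data and never parsed as SQL."""
    rows = db.execute("SELECT name FROM machines WHERE guid = ?",
                      (client_id(message),))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    for label, msg in (("benign", BENIGN), ("hostile", HOSTILE)):
        print(label, "valid id:", is_valid_id(client_id(msg)),
              "concatenated:", lookup_concatenated(db, msg),
              "parameterized:", lookup_parameterized(db, msg))
```

Binding the parameter is the fix; the allow-list check is a second layer that rejects a malformed identifier before it reaches the database at all.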