CVE-2026-2441
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: Feb. 18, 2026
18 articles
EPSS Score
Source: FIRST.org · 2026-05-24
23.13%
probability
This CVE has a 23.13% probability
of being exploited in the next 30 days.
0%
Top 96.0th percentile of all CVEs
100%
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.
View on VulnerabilityLookup ↗
Description
Project ZeroUse after free in CSS
Attack Intelligence
CWE-118
· Incorrect Access of Indexable Resource ('Range Error')
CWE-119
· Buffer Overflow
CWE-416
· Use After Free
CWE-664
· Improper Control of a Resource Through its Lifetime
CWE-666
· Operation on Resource in Wrong Phase of Lifetime
CWE-672
· Operation on a Resource after Expiration or Release
CWE-825
· Expired Pointer Dereference
Google Project Zero
Patched
Feb. 13, 2026
Reported by
Shaheen Fazim
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA-Advisories
Feb 17, 2026
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
TheHackerNews
Feb 26, 2026
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
TheHackerNews
Jun 09, 2026
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
TheHackerNews
Feb 25, 2026
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
TheHackerNews
Feb 25, 2026
CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
TheHackerNews
Feb 21, 2026
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
TheHackerNews
Feb 20, 2026
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center
TheHackerNews
Feb 19, 2026
Google patches new Chrome zero-day flaw exploited in the wild
BleepingComputer
Jun 09, 2026
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
TheHackerNews
Feb 25, 2026
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
TheHackerNews
Mar 13, 2026
Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
TheHackerNews
Feb 18, 2026
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
TheHackerNews
Feb 16, 2026
Google patches first Chrome zero-day exploited in attacks this year
BleepingComputer
Feb 16, 2026
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
TheHackerNews
Feb 18, 2026
Google Patches 5th Chrome Zero-Day Exploited in 2026
SecurityWeek
Jun 09, 2026
Google Patches First Actively Exploited Chrome Zero-Day of 2026
SecurityWeek
Feb 16, 2026
Chromium: CVE-2026-2441 Use after free in CSS
Microsoft-MSRC
Feb 18, 2026
Signal Intelligence
Confidence
92%
EPSS
23.13%
Mentions
18
Last Seen
Jun 09, 2026
CNA Information
Analyst Note
CVE-2026-2441 is confirmed as a high-severity use-after-free vulnerability in Chrome with a CVSS score of 8.8, backed by Google Project Zero verification and official vendor patch availability. The vulnerability demonstrates clear remote code execution potential and has generated significant security community attention across 14 articles, establishing reliable confirmation despite not yet being on the CISA KEV catalog.
Threat Actors 5
SCATTERED SPIDER
apt_group
Financial crime
🇺🇸 US
UNC6040
apt_group
Unknown
KNOCKOUT SPIDER
apt_group
Information theft and espionage
🇺🇸 US
Returned Libra
apt_group
🇨🇳 CN
MONTY SPIDER
apt_group
Financial crime
🇺🇸 US
Triage Info
Decided atFeb 18, 2026