Feb 10, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Windows: 6 CVEs added to CISA KEV today.
  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2026-21519 Microsoft Windows Type Confusion

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Microsoft Windows privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2026-26009 Catalyst is a platform built for enterprise game server hosts, game communities, and billing pane...

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2026-21531 Microsoft Azure Conversation Authoring Client Library Deserialization

  • CVSS 9.8

New critical Microsoft Azure Conversation Authoring Client Library Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Microsoft Windows Shell Protection Mechanism Failure

Microsoft MSHTML Framework Protection Mechanism Failure

Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-11242 CVSS 9.8

Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc.

CVE-2026-1774 CVSS 9.8

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.

CVE-2026-2095 CVSS 9.3

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specif...

CVE-2026-2096 CVSS 9.3

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, an...

CVE-2026-21531 CVSS 9.8

Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.

CVE-2026-23906 CVSS 9.8

Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0) * Prerequisites: *...

CVE-2026-25728 CVSS 9.3

ClipBucket v5 is an open source video sharing platform.

CVE-2026-25993 CVSS 9.3

EverShop is a TypeScript-first eCommerce platform.

CVE-2026-26009 CVSS 9.9

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations.

View critical disclosures

cvelogic Threat Intelligence