Bastion Codex – Weekly Defender Brief (2026-02-24)

This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.

The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.

Bastion Codex – Weekly Defender Brief

Week of 2026-02-24

Executive Snapshot

  • 1490 CVEs observed in the last 7 days
  • 113 Critical
  • 447 High
  • 4 KEV-listed vulnerabilities in last 30 days

Week-over-Week Movement

  • Total CVEs: 0 (from 1490 to 1490, 0.0%)
  • Critical: 0 (from 113 to 113, 0.0%)
  • High: 0 (from 447 to 447, 0.0%)
  • Medium: 0 (from 548 to 548, 0.0%)
  • Low: 0 (from 57 to 57, 0.0%)
  • Unknown: 0 (from 325 to 325, 0.0%)

Defender Takeaways

  • Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
  • Recently added KEV vulnerabilities detected. Review CISA remediation timelines.
  • High severity volume suggests increased patch workload. Focus on internet-exposed services first.

Severity Breakdown (7 Days)

  • Critical: 113
  • High: 447
  • Medium: 548
  • Low: 57
  • Unknown: 325

Top Vendors (30 Days)

  • BeyondTrust: 1
  • Dell: 1
  • Google: 1
  • Soliton Systems K.K: 1

Top Products (30 Days)

  • Chromium: 1
  • FileZen: 1
  • RecoverPoint for Virtual Machines (RP4VMs): 1
  • Remote Support (RS) and Privileged Remote Access (PRA): 1

Priority Watchlist (Top 10)

  • CVE-2021-44228 | CVSS: 10.0 | KEV: True | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log mess
  • CVE-2022-22536 | CVSS: 10.0 | KEV: True | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher
  • CVE-2026-22769 | CVSS: 10.0 | KEV: True | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered crit
  • CVE-2021-38163 | CVSS: 9.9 | KEV: True | SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administra
  • CVE-2025-49113 | CVSS: 9.9 | KEV: True | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a
  • CVE-2020-7796 | CVSS: 9.8 | KEV: True | Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
  • CVE-2021-41773 | CVSS: 9.8 | KEV: True | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map U
  • CVE-2022-27518 | CVSS: 9.8 | KEV: True | Unauthenticated remote arbitrary code execution
  • CVE-2025-25257 | CVSS: 9.8 | KEV: True | An improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability [CWE-89] vulnerability in Fortinet For
  • CVE-2026-1731 | CVSS: 9.8 | KEV: True | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote co

Generated via Bastion Codex pipeline at 2026-02-24T23:58:22.257291+00:00