Critical Zero-Day in Enterprise VPN Appliances Actively Exploited
Ars Technica
by Dan Goodin
February 11, 2026 · 22:59
Summary
CISA issues emergency directive after discovering state-sponsored exploitation of a previously unknown vulnerability in widely deployed VPN hardware.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring all federal agencies to immediately patch or disconnect affected VPN appliances following the discovery of active exploitation of a critical zero-day vulnerability.
The vulnerability, tracked as CVE-2026-4821, affects enterprise VPN products from a major vendor and allows unauthenticated remote code execution. Threat intelligence firms have attributed the exploitation campaign to a state-sponsored threat actor.
Organizations using the affected products are urged to apply the emergency patch released today or implement the provided mitigation guidance immediately.
Analysis
Relevance Score: Critical
Sentiment: ↓ -0.68 (Negative)
Source Reliability: 8.1 / 10 (High)
Source: Ars Technica (arstechnica.com), Tech, US