CISA | Alerts

This website belongs to the Cybersecurity and Infrastructure Security Agency (CISA), a component of the U.S. Department of Homeland Security responsible for enhancing the security, resilience, and reliability of the nation's cyber and physical infrastructure. The agency plays a central role in protecting against cybersecurity threats, ensuring critical infrastructure is secure, and responding to cyber incidents. On the website, you can find information about various cybersecurity initiatives, resources for individuals and organizations to improve their cyber defenses, alerts and updates on emerging threats, and guidelines for incident response. The site also provides details on critical infrastructure sectors, partnerships, training programs, and opportunities to collaborate with CISA on security efforts.

Thread Of Notes

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added CVE-2026-48907, an improper access control vulnerability in the Widget Factory Joomla Content Editor, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability is actively being exploited and presents a significant risk to federal systems. Binding Operational Directive (BOD) 26-04 updates requirements for Federal Civilian Executive Branch (FCEB) agencies regarding vulnerability management. The directive emphasizes prioritizing the remediation of high-risk vulnerabilities, particularly KEV catalog entries on public-facing assets that grant full control once exploited. Lower-risk vulnerabilities can be addressed with less urgency. BOD 26-04 also outlines when agencies must check for system compromise before patching. Although BOD 26-04 is specific to FCEB agencies, CISA recommends that all organizations adopt a risk-based approach to vulnerability management and prioritize KEV catalog vulnerabilities for remediation. CISA will continue to add vulnerabilities meeting its criteria to the KEV catalog. Organizations can nominate exploited vulnerabilities for inclusion if they have a CVE ID, proof of exploitation, and mitigation guidance.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These are CVE-2026-20262 affecting Cisco Catalyst SD-WAN Manager and CVE-2026-54420 impacting LiteSpeed cPanel Plugin. Such vulnerabilities are common attack methods for cybercriminals. Federal agencies are mandated to address these risks through Binding Operational Directive (BOD) 26-04. This directive requires FCEB agencies to prioritize patching vulnerabilities listed in the KEV catalog that are on public-facing assets and offer complete system control. BOD 26-04 updates previous directives and reinforces the significance of the KEV catalog. It also outlines expectations for agencies to check for potential compromises before applying patches. While this directive specifically targets FCEB agencies, CISA urges all organizations to adopt similar risk-based vulnerability management. CISA will continue to update the KEV catalog with newly identified exploited vulnerabilities. Organizations can nominate vulnerabilities for inclusion in the KEV catalog if they have a CVE ID, proof of exploitation, and clear mitigation steps.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added CVE-2026-35273, an Oracle PeopleSoft vulnerability, to its Known Exploited Vulnerabilities catalog. This vulnerability involves missing authentication for critical functions and is a common attack method for malicious actors. It presents considerable risks to federal systems. Binding Operational Directive (BOD) 26-04, which updates BOD 22-01, sets vulnerability management requirements for federal agencies. This directive emphasizes the KEV catalog and mandates rapid patching of high-risk vulnerabilities on publicly exposed assets that lead to complete control post-exploitation. Lower-risk vulnerabilities can be addressed later according to BOD 26-04. The directive also outlines expectations for agencies to check for compromise before applying patches. Although BOD 26-04 is specific to federal agencies, CISA recommends all organizations implement risk-based vulnerability management. Prioritizing KEV catalog vulnerabilities is encouraged for everyone. CISA will continue to augment the KEV catalog with qualifying vulnerabilities. Organizations can submit vulnerabilities for consideration if they have a CVE ID, evidence of exploitation, and clear mitigation guidance.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new vulnerability, CVE-2026-10520 concerning Ivanti Sentry OS Command Injection, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability has been actively exploited and presents a significant threat. Command injection vulnerabilities are a common attack method used by malicious actors. Federal Civilian Executive Branch (FCEB) agencies are now subject to Binding Operational Directive (BOD) 26-04. This directive mandates prioritizing security updates based on risk, superseding BOD 22-01. BOD 26-04 emphasizes the KEV catalog and requires FCEB agencies to quickly fix high-risk vulnerabilities, particularly those on public assets that grant full control post-exploitation. Lower-risk vulnerabilities can have their remediation deferred. The directive also sets expectations for agencies regarding system compromise checks before patching. While BOD 26-04 is for FCEB agencies, CISA urges all organizations to adopt risk-based vulnerability management. CISA will continue to add qualifying vulnerabilities to the KEV catalog. Organizations can nominate vulnerabilities for inclusion if they have a CVE ID, proof of exploitation, and mitigation guidance.

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has recently added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These include a vulnerability in Arista Extensible Operating System, another in Google Chromium's V8 engine, and a third in Cisco Catalyst SD-WAN Manager. Evidence confirms that these vulnerabilities are being actively exploited by malicious actors. Such vulnerabilities represent a common and significant threat to federal networks. The KEV Catalog was established by Binding Operational Directive (BOD) 22-01 to track these high-risk vulnerabilities. This directive mandates that Federal Civilian Executive Branch (FCEB) agencies must fix these identified vulnerabilities by their deadlines. The goal of BOD 22-01 is to safeguard FCEB networks from current cyber threats. While BOD 22-01 specifically applies to FCEB agencies, CISA strongly recommends all organizations take similar action. Prioritizing the remediation of KEV Catalog vulnerabilities is crucial for reducing overall cyberattack exposure. CISA will continue to update the KEV Catalog as new vulnerabilities meeting the criteria are identified.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has identified two new vulnerabilities that are actively being exploited and added them to its Known Exploited Vulnerabilities (KEV) Catalog. These newly added vulnerabilities are CVE-2026-42271 affecting BerriAI LiteLLM and CVE-2026-50751 impacting Check Point Security Gateway. Such vulnerabilities represent common attack methods for cybercriminals and pose substantial threats to federal networks. The KEV Catalog, established by Binding Operational Directive 22-01, lists known vulnerabilities with significant risk to the federal enterprise. This directive mandates that Federal Civilian Executive Branch (FCEB) agencies must fix these identified vulnerabilities by a specific deadline. The goal is to safeguard FCEB networks from current cyber threats. Although BOD 22-01 specifically targets FCEB agencies, CISA strongly advises all organizations to address these KEV Catalog vulnerabilities. Prioritizing their remediation is crucial for enhancing an organization's cybersecurity posture. CISA will continue to update the KEV Catalog with new vulnerabilities that meet the established criteria. This ongoing effort aims to provide timely information on critical security issues.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new vulnerability, CVE-2026-28318, to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability in SolarWinds Serv-U involves uncontrolled resource consumption. Actively exploited vulnerabilities like this are common attack vectors for cybercriminals. Such vulnerabilities present substantial risks to federal agencies. The KEV Catalog was established by Binding Operational Directive (BOD) 22-01 to combat these significant risks. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies fix these vulnerabilities by a deadline. This is to safeguard FCEB networks from active cyber threats. While BOD 22-01 specifically targets FCEB agencies, CISA recommends all organizations prioritize fixing KEV Catalog vulnerabilities. This action helps reduce their susceptibility to cyberattacks. CISA will keep updating the KEV Catalog with new vulnerabilities that fit the criteria.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new vulnerability, CVE-2026-45247, to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability affects Mirasvit Full Page Cache Warmer and is due to deserialization of untrusted data. Such vulnerabilities are common attack vectors for cyber actors and present significant risks. CISA's Binding Operational Directive 22-01 created the KEV Catalog to highlight vulnerabilities posing a serious threat to the federal enterprise. This directive mandates that Federal Civilian Executive Branch agencies fix these vulnerabilities by specific deadlines. The goal is to protect FCEB networks from active threats. While BOD 22-01 specifically targets FCEB agencies, CISA encourages all organizations to address KEV Catalog vulnerabilities. Prioritizing remediation is crucial for reducing exposure to cyberattacks. CISA will continue to update the KEV Catalog with vulnerabilities that meet its criteria. This ongoing effort aims to enhance overall cybersecurity posture.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These new additions are CVE-2022-0492, a Linux Kernel Improper Authentication Vulnerability, and CVE-2025-48595, an Android Framework Integer Overflow Vulnerability. Both have demonstrated evidence of active exploitation by malicious actors. Such vulnerabilities frequently serve as attack vectors. They present significant risks to federal networks and the broader enterprise. Binding Operational Directive (BOD) 22-01 established the KEV Catalog to address these serious threats. This directive mandates that Federal Civilian Executive Branch (FCEB) agencies remediate these identified vulnerabilities by a specified deadline. The goal is to protect FCEB networks from ongoing cyber threats. Although BOD 22-01 specifically targets FCEB agencies, CISA strongly advises all organizations to remediate KEV Catalog vulnerabilities. Prioritizing these remediations is crucial for effective vulnerability management and reducing overall cyberattack exposure. CISA will continue to update the catalog as new vulnerabilities meeting the criteria are identified.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new vulnerability, CVE-2024-21182, to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability affects Oracle WebLogic Server and has been observed being actively exploited by malicious actors. Such vulnerabilities represent frequent attack vectors that pose significant risks to federal systems. CISA's Binding Operational Directive (BOD) 22-01 established the KEV Catalog to identify vulnerabilities with substantial risk to the federal enterprise. This directive mandates that Federal Civilian Executive Branch (FCEB) agencies remediate these identified vulnerabilities by a specified deadline. The goal of BOD 22-01 is to protect FCEB networks against ongoing cyber threats. While BOD 22-01 specifically applies to FCEB agencies, CISA strongly recommends that all organizations adopt similar practices. Prioritizing the timely remediation of KEV Catalog vulnerabilities is crucial for reducing overall cyberattack exposure. Organizations should integrate this into their regular vulnerability management processes. CISA will consistently update the KEV Catalog with new vulnerabilities that meet its established criteria.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding a new vulnerability. The newly added vulnerability is CVE-2026-0257, a Palo Alto Networks PAN-OS authentication bypass. This vulnerability is actively exploited by malicious actors, posing a significant risk. The KEV Catalog, created by Binding Operational Directive (BOD) 22-01, is a list of vulnerabilities considered high risk. BOD 22-01 directs Federal Civilian Executive Branch (FCEB) agencies to remediate KEV vulnerabilities promptly, and agencies must meet its deadlines to protect their networks from active threats. CISA encourages all organizations, not just FCEB agencies, to prioritize KEV remediation. Timely remediation helps organizations reduce their cyberattack exposure. CISA will continue to update the catalog with new vulnerabilities that fit the criteria.

Supply Chain Compromises Impact Nx Console and GitHub Repositories

CISA is addressing escalating cyberattacks that exploit software supply chain vulnerabilities, with a focus on CI/CD pipelines and developer ecosystems. Recent breaches show threat actors targeting tools within enterprise, cloud, and DevOps environments. A significant incident involved a malicious Nx Console VS Code extension, leading to GitHub repository access and data exfiltration. The compromised extension (version 18.95.0) auto-updated, potentially affecting any developer with Nx Console installed. CISA assigned CVE-2026-48027 and added the compromised version to its KEV Catalog. The "Megalodon" campaign injected malicious GitHub Actions workflows to steal CI/CD secrets and credentials. CISA recommends monitoring workflow activity and reverting suspicious changes made by automated accounts. Organizations that were compromised should conduct forensic reviews and rotate secrets such as API keys and cloud credentials. CISA suggests delaying package downloads for three hours and pinning software to trusted versions. Pulling packages only from trusted sources is critical for security. Several resources are available for detailed information on these compromises. CISA provides this information for informational purposes only and does not endorse any specific products or services.

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding three new vulnerabilities actively being exploited. These vulnerabilities include issues in Daemon Tools Lite, TanStack, and Nx Console. These vulnerabilities can be used by malicious actors and pose a considerable risk. The KEV Catalog is a list of known CVEs representing significant risks, created by Binding Operational Directive (BOD) 22-01. BOD 22-01 requires federal agencies to address KEVs by the due date to protect networks. CISA strongly recommends all organizations prioritize timely remediation of KEV vulnerabilities. This is essential for effective vulnerability management. The catalog serves as a dynamic resource, and CISA will make further additions as required. The updated catalog helps to safeguard against cyberattacks. Organizations must actively manage and remediate listed vulnerabilities.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA updated its Known Exploited Vulnerabilities (KEV) Catalog, adding a new vulnerability. The new vulnerability is CVE-2026-48172, a privilege escalation flaw in the LiteSpeed cPanel Plugin. This type of vulnerability is often exploited by attackers, posing significant risks. The KEV Catalog is a list of known vulnerabilities with substantial risks, as established by Binding Operational Directive 22-01. BOD 22-01 mandates that Federal Civilian Executive Branch agencies fix identified vulnerabilities promptly. This directive aims to protect federal networks from existing threats. The provided fact sheet offers further details about BOD 22-01. While BOD 22-01 mainly applies to federal agencies, other organizations are strongly encouraged to use the KEV Catalog. Prioritizing remediation of KEV vulnerabilities helps reduce exposure to cyberattacks. CISA plans to continuously add vulnerabilities to the catalog as needed.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog by adding one new vulnerability, CVE-2026-9082, a Drupal Core SQL Injection vulnerability. This vulnerability is included due to evidence of active exploitation by malicious actors. SQL injection vulnerabilities are commonly exploited, posing a considerable risk to systems. The KEV Catalog is maintained under Binding Operational Directive (BOD) 22-01. This directive requires Federal Civilian Executive Branch (FCEB) agencies to patch these vulnerabilities by specified deadlines. The goal is to protect federal networks from existing threats and vulnerabilities. The BOD 22-01 fact sheet provides further details on the directive and its implementation. While BOD 22-01 focuses on FCEB agencies, CISA recommends that all organizations address these vulnerabilities promptly. Organizations outside the FCEB should also prioritize the remediation of KEV vulnerabilities to stay secure. CISA will regularly update the catalog as new vulnerabilities meeting the criteria emerge. This proactive approach helps to improve overall cybersecurity posture and minimize potential damage.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, a list of actively exploited vulnerabilities. Two new vulnerabilities, CVE-2025-34291 and CVE-2026-34926, were added due to confirmed active exploitation. These vulnerabilities, like others in the catalog, are often used as attack vectors and pose significant risks to federal networks and other organizations. The KEV Catalog was established by Binding Operational Directive (BOD) 22-01. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate listed vulnerabilities, and agencies must meet the specified due dates in order to protect against threats. While BOD 22-01 directs FCEB agencies, CISA advises all organizations to prioritize KEV remediation. Timely remediation is a core part of any sound vulnerability management strategy. CISA will continually update the catalog with new vulnerabilities to enhance protection.

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding seven new vulnerabilities actively being exploited. These newly added vulnerabilities span multiple software products including Microsoft Windows, DirectX, Adobe Acrobat, and Internet Explorer. The vulnerabilities involve issues like buffer overflows, use-after-free, and denial-of-service, enabling malicious cyber activities. CISA recognizes these vulnerabilities as significant risks, particularly for federal organizations. Binding Operational Directive (BOD) 22-01 mandates FCEB agencies remediate these vulnerabilities promptly. The KEV Catalog is a dynamic list intended to inform and protect against known threats. Remediation deadlines are established to reduce exploitable attack surfaces across the federal network. While BOD 22-01 primarily targets federal agencies, CISA encourages all organizations to use the KEV Catalog. Prioritizing remediation of known exploited vulnerabilities is a crucial element of effective cybersecurity. CISA will continue to update the catalog as new vulnerabilities become actively exploited in the wild.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new vulnerability, CVE-2026-42897, to its Known Exploited Vulnerabilities (KEV) Catalog due to active exploitation. This vulnerability affects Microsoft Exchange Server and involves cross-site scripting, a common attack method. The KEV Catalog identifies vulnerabilities posing significant risks, especially to the federal enterprise. Binding Operational Directive (BOD) 22-01 mandates that FCEB agencies remediate KEV vulnerabilities by set deadlines. This directive aims to protect federal networks from existing threats. The provided fact sheet offers further details regarding BOD 22-01 implementation. While BOD 22-01 specifically affects FCEB agencies, CISA advises all organizations to prioritize KEV remediation. Addressing these vulnerabilities promptly is crucial for reducing cyberattack exposure. Organizations should integrate KEV remediation into their overall vulnerability management strategies. CISA will continuously update the catalog with qualifying vulnerabilities.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new vulnerability, CVE-2026-20182, to its Known Exploited Vulnerabilities (KEV) Catalog. This Cisco Catalyst SD-WAN Controller authentication bypass vulnerability is actively exploited by malicious actors. This type of vulnerability presents significant risks, particularly to federal agencies. CISA urges adherence to Emergency Directive 26-03 and Supplemental Direction ED 26-03 for mitigation, as well as BOD 22-01. The KEV Catalog serves as a list of high-risk vulnerabilities and is a key component of BOD 22-01. Federal agencies must remediate vulnerabilities in the KEV Catalog by their due dates. BOD 22-01 primarily affects federal agencies, but CISA recommends all organizations prioritize KEV Catalog vulnerability remediation. This proactive approach helps reduce exposure to cyberattacks. CISA plans to continue updating the KEV Catalog with vulnerabilities meeting specific criteria.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, a list of actively exploited vulnerabilities. A new vulnerability, identified as CVE-2026-42208 affecting BerriAI LiteLLM, has been added due to active exploitation. This vulnerability specifically involves SQL injection, a common attack method. This poses a significant risk to the federal enterprise. The KEV Catalog was created by Binding Operational Directive (BOD) 22-01 to address known exploitable vulnerabilities. BOD 22-01 mandates federal agencies to remediate listed vulnerabilities to protect their networks. Agencies must address these vulnerabilities by specified deadlines. While BOD 22-01 applies to federal agencies, CISA recommends all organizations prioritize KEV remediation. Timely remediation of KEV vulnerabilities is crucial for reducing cyberattack exposure. CISA will continue to update the catalog as new exploitable vulnerabilities are identified.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA updated its Known Exploited Vulnerabilities (KEV) Catalog, adding a new vulnerability. The newly added vulnerability is CVE-2026-6973, concerning Improper Input Validation in Ivanti Endpoint Manager Mobile (EPMM). This vulnerability is actively being exploited by malicious actors, presenting a serious risk. The KEV Catalog is a list of known vulnerabilities that significantly threaten the federal enterprise. This catalog was established under Binding Operational Directive (BOD) 22-01. BOD 22-01 mandates Federal Civilian Executive Branch agencies to remediate identified vulnerabilities promptly. The goal is to safeguard FCEB networks from active cyber threats. CISA recommends that all organizations address KEV Catalog vulnerabilities. Prioritizing remediation is crucial for reducing exposure to cyberattacks. CISA emphasizes the importance of timely vulnerability management practices. The agency will continue to update the catalog with new vulnerabilities as they are discovered.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding a new vulnerability. The newly added vulnerability is CVE-2026-0300, an out-of-bounds write vulnerability in Palo Alto Networks PAN-OS. This type of vulnerability is frequently exploited by malicious actors, presenting substantial risk to the federal enterprise. The KEV Catalog is a list of known CVEs that pose significant threats, established by Binding Operational Directive (BOD) 22-01. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate KEV vulnerabilities by specified deadlines. This action aims to safeguard FCEB networks from ongoing cyber threats. While BOD 22-01 primarily affects FCEB agencies, CISA recommends all organizations prioritize KEV Catalog vulnerability remediation. Addressing these vulnerabilities promptly is crucial for reducing cyberattack exposure. CISA will continue to incorporate vulnerabilities that meet the necessary criteria into the KEV catalog.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new vulnerability, CVE-2026-31431, to its Known Exploited Vulnerabilities (KEV) Catalog. This Linux Kernel vulnerability is actively being exploited by malicious actors. Such vulnerabilities present a significant risk to federal government systems. The KEV Catalog was established by Binding Operational Directive (BOD) 22-01. This directive mandates that Federal Civilian Executive Branch (FCEB) agencies fix KEV vulnerabilities by a set deadline. The goal is to protect FCEB networks from active cyber threats. While BOD 22-01 specifically targets FCEB agencies, CISA strongly advises all organizations to address these vulnerabilities. Prioritizing remediation of KEV Catalog entries is crucial for reducing cyberattack exposure. This proactive approach should be integrated into regular vulnerability management. CISA will continue to update the KEV Catalog with newly identified vulnerabilities that meet the established criteria.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new vulnerability, CVE-2026-41940, to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability affects WebPros cPanel & WHM and WP2, specifically a missing authentication for a critical function. Such vulnerabilities are commonly exploited by malicious actors and present significant risks. The KEV Catalog was established by Binding Operational Directive 22-01 to list vulnerabilities posing significant risk to the federal enterprise. This directive mandates that Federal Civilian Executive Branch (FCEB) agencies remediate these vulnerabilities by a set deadline. The goal is to protect FCEB networks from active threats. While BOD 22-01 is specific to FCEB agencies, CISA strongly recommends all organizations follow suit. Prioritizing the remediation of KEV Catalog vulnerabilities is crucial for reducing cyberattack exposure. This practice should be integrated into overall vulnerability management. CISA intends to continue adding vulnerabilities that meet their criteria to the catalog.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has included two new vulnerabilities in its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities, CVE-2024-1708 (ConnectWise ScreenConnect) and CVE-2026-32202 (Microsoft Windows), are actively being exploited. These types of flaws often lead to cyberattacks and pose substantial risks, especially to government networks. BOD 22-01 established the KEV Catalog to identify and mandate the patching of critical vulnerabilities. This directive requires Federal Civilian Executive Branch agencies to fix these vulnerabilities promptly. The due dates for remediation are set to protect networks from current threats. While BOD 22-01 focuses on federal agencies, CISA advises all organizations to prioritize KEV Catalog remediation. This proactive action helps reduce their vulnerability to cyberattacks. Organizations should integrate KEV remediation into their established vulnerability management processes. CISA will continue monitoring and adding vulnerabilities to the catalog as new threats emerge.

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with four new vulnerabilities, confirmed to be actively exploited. These include path traversal flaws in Samsung MagicINFO 9 Server and SimpleHelp, a missing authorization issue in SimpleHelp, and a command injection vulnerability in D-Link DIR-823X. Such vulnerabilities are commonly exploited by malicious actors, posing substantial risks to federal systems. The KEV Catalog was established by Binding Operational Directive (BOD) 22-01 to address significant cyber risks to the federal enterprise. This directive mandates Federal Civilian Executive Branch (FCEB) agencies to remediate listed vulnerabilities by specified deadlines. This action is crucial for safeguarding FCEB networks from ongoing cyber threats. While BOD 22-01 primarily targets FCEB agencies, CISA strongly advises all organizations to prioritize KEV Catalog remediation. Timely patching of these vulnerabilities is a critical component of effective vulnerability management practices. CISA remains committed to continuously updating the catalog with new vulnerabilities that meet its defined criteria.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has identified and added CVE-2026-39987, a Marimo Remote Code Execution Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability is currently being actively exploited by malicious actors. Remote code execution vulnerabilities are common attack methods that present substantial risks to federal systems. CISA established the KEV Catalog through Binding Operational Directive (BOD) 22-01 to identify high-risk vulnerabilities. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies must fix these vulnerabilities by a specific deadline. This directive aims to protect FCEB networks from ongoing cyber threats. While BOD 22-01 applies only to FCEB agencies, CISA strongly recommends all organizations address these vulnerabilities. Prioritizing the remediation of cataloged vulnerabilities is crucial for effective vulnerability management. CISA will continue to update the KEV Catalog with new vulnerabilities that meet its criteria. This ongoing effort helps organizations mitigate significant cyber risks.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding a new vulnerability. This newly listed vulnerability is CVE-2026-33825, impacting Microsoft Defender. It involves insufficient access control, a common attack vector used by malicious actors. This vulnerability poses considerable risks, particularly for federal agencies. The KEV Catalog is a dynamic list of known vulnerabilities with significant risks, as defined by Binding Operational Directive (BOD) 22-01. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate KEV vulnerabilities by set deadlines. Remediation protects FCEB networks from active cyber threats, as outlined in the BOD 22-01 Fact Sheet. While the directive primarily targets FCEB agencies, CISA recommends all organizations address KEV vulnerabilities promptly. Prioritizing remediation helps organizations lessen their vulnerability to cyberattacks. CISA plans to continuously expand the catalog with vulnerabilities meeting its criteria.

Supply Chain Compromise Impacts Axios Node Package Manager

CISA issued an alert regarding a software supply chain compromise affecting the Axios npm package. Malicious versions of Axios, specifically [email protected] and [email protected], injected a dependency called [email protected]. This malicious dependency downloads multi-stage payloads, including a remote access trojan, from actor-controlled infrastructure. Organizations must monitor code repositories, CI/CD pipelines, and developer machines for the compromised Axios versions. They should also check artifact repositories for cached copies of the malicious dependency and pin package versions to known safe releases. If compromised dependencies are found, affected environments need to be reverted to a known-good state, and any credentials that may have been exposed should be rotated. Monitoring for unexpected child processes and anomalous network behavior during npm operations is crucial. Blocking outbound connections to Sfrclak[.]com domains is also recommended. CISA further advises implementing phishing-resistant MFA for developer accounts and configuring npm to ignore install scripts and enforce a minimum release age for packages. Establishing baselines of normal execution and alerting on anomalous dependency behavior will help detect and prevent future compromises.
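The alert above tells organizations to check lockfiles and artifact caches for the compromised Axios releases and the injected dependency, and to pin dependencies to known-good versions. The following Python script is an added example of how a defender can run that check over a `package-lock.json`; it is not code from CISA or from the Axios project. Because this page does not reproduce the compromised version numbers or the injected package name, `BLOCKLIST` and `INJECTED_DEPENDENCY` hold obviously labelled placeholder values that an operator replaces with the identifiers from the CISA alert; the lockfile used for the demonstration is constructed inline.

```python
"""Scan an npm lockfile (lockfileVersion 2 or 3) for blocklisted package
versions, a known-malicious injected dependency, packages that declare an
install script, and unpinned top-level dependency specs.

Added example, not part of the CISA alert. Blocklist values are placeholders
(hypothetical); replace them with the identifiers from the alert.
"""
import json
import re
import sys
from typing import Dict, List, Set, Tuple

# Placeholder blocklist: package name -> known-bad versions (hypothetical values).
BLOCKLIST: Dict[str, Set[str]] = {
    "axios": {"0.0.0-COMPROMISED-A", "0.0.0-COMPROMISED-B"},
}
# Placeholder name of the injected dependency; any version of it is a finding.
INJECTED_DEPENDENCY = "injected-dependency-placeholder"

# An exact semver pin: "1.2.3" or "1.2.3-rc.1"; no ^, ~, ranges or tags.
_PINNED = re.compile(r"\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?")

Finding = Tuple[str, str, str]  # (reason, package name, version)


def package_name_from_path(path: str) -> str:
    """Lockfile v2/v3 keys are install paths; the package name is the part
    after the last 'node_modules/', e.g. 'node_modules/a/node_modules/@s/b' -> '@s/b'."""
    marker = "node_modules/"
    idx = path.rfind(marker)
    return path[idx + len(marker):] if idx != -1 else path


def scan_lockfile(lock: dict) -> List[Finding]:
    """Return findings for every installed package recorded in the lockfile."""
    findings: List[Finding] = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":  # the root project entry describes the project itself
            continue
        name = meta.get("name") or package_name_from_path(path)
        version = meta.get("version", "")
        if version in BLOCKLIST.get(name, set()):
            findings.append(("blocklisted-version", name, version))
        if name == INJECTED_DEPENDENCY:
            findings.append(("injected-dependency", name, version))
        # hasInstallScript is set by npm when a package declares a
        # preinstall/install/postinstall hook, the usual payload trigger.
        if meta.get("hasInstallScript"):
            findings.append(("install-script", name, version))
    return findings


def unpinned_dependencies(lock: dict) -> Dict[str, str]:
    """Top-level dependency specs that are ranges rather than exact pins."""
    root = lock.get("packages", {}).get("", {})
    specs: Dict[str, str] = {}
    for section in ("dependencies", "devDependencies"):
        specs.update(root.get(section, {}))
    return {name: spec for name, spec in specs.items() if not _PINNED.fullmatch(spec)}


# Constructed sample lockfile for the demonstration (not a real project).
SAMPLE_LOCK = {
    "name": "sample-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "sample-app",
             "dependencies": {"axios": "^1.0.0", "left-pad": "1.3.0"}},
        "node_modules/axios": {"version": "0.0.0-COMPROMISED-A"},
        "node_modules/axios/node_modules/injected-dependency-placeholder": {
            "version": "0.0.1", "hasInstallScript": True},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}


def main(argv: List[str]) -> int:
    """Usage: scan_lock.py [package-lock.json]; exit 1 if anything is flagged."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            lock = json.load(fh)
    else:
        lock = SAMPLE_LOCK
    findings = scan_lockfile(lock)
    for reason, name, version in findings:
        print(f"{reason}: {name}@{version}")
    for name, spec in unpinned_dependencies(lock).items():
        print(f"unpinned-spec: {name} {spec}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against each lockfile in a repository or an artifact-cache export; a non-zero exit integrates with a CI gate. The `install-script` finding is deliberately broad, since legitimate packages also use install hooks; it is a review prompt, and the companion control from the alert is `ignore-scripts=true` in `.npmrc` so that no hook runs during `npm install` in the first place.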

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These include vulnerabilities in PaperCut NG/MF, JetBrains TeamCity, Kentico Xperience, Quest KACE SMA, Synacor Zimbra, and Cisco Catalyst SD-WAN Manager. These types of vulnerabilities are common attack vectors and present significant risks. The KEV Catalog was established by Binding Operational Directive (BOD) 22-01 to identify vulnerabilities posing a substantial risk to the federal enterprise. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies fix these vulnerabilities by a specified deadline. This action aims to protect FCEB networks from active cyber threats. While BOD 22-01 specifically targets FCEB agencies, CISA strongly advises all organizations to address KEV Catalog vulnerabilities promptly. Prioritizing remediation is crucial for reducing cyberattack exposure. CISA will continue to update the KEV Catalog with new vulnerabilities that meet the established criteria.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new vulnerability, CVE-2026-34197, to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability affects Apache ActiveMQ and is due to improper input validation. Evidence indicates this vulnerability is actively being exploited by malicious actors. Such vulnerabilities are common attack methods and present substantial risks to federal systems. Binding Operational Directive 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies address these KEV Catalog vulnerabilities. The KEV Catalog is a dynamic list of vulnerabilities with significant risk to the federal enterprise. FCEB agencies must remediate listed vulnerabilities by their deadlines to enhance network security. While this directive specifically targets FCEB agencies, CISA strongly recommends all organizations adopt this practice. Prioritizing the remediation of KEV Catalog vulnerabilities is crucial for mitigating cyberattack exposure. CISA will continue to update the KEV Catalog with new vulnerabilities that meet the established criteria.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, a list of actively exploited vulnerabilities. Two new vulnerabilities have been added to the catalog due to confirmed exploitation. The first vulnerability, CVE-2009-0238, impacts Microsoft Office and involves remote code execution. The second vulnerability, CVE-2026-32201, affects Microsoft SharePoint Server and concerns improper input validation. These vulnerabilities are attractive targets for malicious actors and pose substantial risks primarily to federal networks. The KEV Catalog was created by Binding Operational Directive (BOD) 22-01 to address these risks. BOD 22-01 mandates that Federal Civilian Executive Branch agencies remediate these vulnerabilities promptly. Agencies must meet specified deadlines to safeguard their networks against active threats. CISA encourages all organizations, even those not under BOD 22-01, to prioritize KEV remediation. Timely remediation helps mitigate cyberattack risks within any organization’s vulnerability management program. CISA will regularly update the KEV Catalog with additional vulnerabilities meeting the necessary criteria.

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA updated its Known Exploited Vulnerabilities (KEV) Catalog with seven newly identified security flaws. These vulnerabilities, affecting products like Microsoft Windows, Adobe Acrobat, Microsoft Exchange Server, and Fortinet, are actively being exploited by malicious actors. The addition is based on evidence indicating that these vulnerabilities are frequent attack vectors. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate vulnerabilities listed in the KEV Catalog by specified deadlines. This directive helps safeguard FCEB networks from existing cyber threats. The KEV Catalog serves as a dynamic list of CVEs that pose substantial risks. While BOD 22-01 is binding only for FCEB agencies, CISA recommends that all organizations prioritize patching these vulnerabilities. Timely remediation of KEV Catalog vulnerabilities is crucial for effective vulnerability management. CISA will continue to expand the catalog with new vulnerabilities that meet its established criteria.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding a new vulnerability. The newly added vulnerability is CVE-2026-1340, a code injection flaw in Ivanti Endpoint Manager Mobile (EPMM). This vulnerability is actively being exploited by malicious actors, posing a considerable threat. The KEV Catalog is a list of vulnerabilities posing significant risks, as defined by Binding Operational Directive (BOD) 22-01. BOD 22-01 mandates that federal agencies remediate vulnerabilities in the catalog by set deadlines. This directive aims to safeguard federal networks from active cyber threats. Remediation efforts are crucial to minimize potential exploitation of these known vulnerabilities. While BOD 22-01 applies only to federal agencies, other organizations are strongly encouraged to adopt the same practices. Timely remediation of KEV Catalog vulnerabilities is vital for overall cybersecurity. CISA will continue to augment the KEV Catalog with any newly discovered critical vulnerabilities.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding a new vulnerability. This addition highlights an active exploitation risk, based on observed malicious activity in the wild. The new entry is CVE-2026-35616, a Fortinet FortiClient EMS access control vulnerability. This type of vulnerability is often targeted by cyber attackers, posing a substantial threat. The KEV Catalog is a core component of Binding Operational Directive (BOD) 22-01. BOD 22-01 mandates that federal agencies promptly address identified vulnerabilities. This directive aims to protect federal networks from active threats by requiring remediation by a defined deadline. The KEV Catalog is a continually updated, living document. While the directive applies to federal agencies, CISA recommends that all organizations follow these best practices. Timely remediation of KEV vulnerabilities is crucial for overall cybersecurity. CISA will continue expanding the KEV Catalog with vulnerabilities that meet specific criteria. Organizations prioritizing remediation can significantly reduce their cyberattack exposure.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with a new vulnerability. The newly added vulnerability is CVE-2026-3502, a TrueConf Client issue. This vulnerability involves the download of code without integrity checks. Such vulnerabilities are commonly exploited by malicious actors in cyberattacks. This vulnerability poses a significant risk to the federal enterprise, warranting immediate attention. The KEV Catalog is a product of Binding Operational Directive (BOD) 22-01. BOD 22-01 targets known vulnerabilities posing high risks to the federal government. Federal agencies are required to remediate vulnerabilities based on the due dates set by the directive. While BOD 22-01 primarily affects federal civilian executive branch agencies, CISA recommends all organizations act. Timely remediation of KEV Catalog vulnerabilities is crucial for cybersecurity. CISA will continue to update the catalog with more vulnerabilities.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA recently added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. This addition, CVE-2026-5281, is a Google Dawn Use-After-Free Vulnerability. Evidence of active exploitation prompted its inclusion in the catalog. Such vulnerabilities are commonly exploited by cyber actors. They present considerable risks across federal enterprises. The KEV Catalog was established by Binding Operational Directive (BOD) 22-01. This directive aims to mitigate significant risks from known exploited vulnerabilities. Federal Civilian Executive Branch (FCEB) agencies are mandated by BOD 22-01 to remediate these vulnerabilities by their due dates. This protects FCEB networks from active threats. CISA also strongly advises all organizations, regardless of federal affiliation, to prioritize KEV Catalog remediation. Doing so significantly reduces exposure to cyberattacks. CISA continually updates the catalog with vulnerabilities meeting specific criteria.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding a new vulnerability. This new entry is CVE-2026-3055, a Citrix NetScaler Out-of-Bounds Read vulnerability. This vulnerability is known to be actively exploited by malicious actors. These types of vulnerabilities are common attack vectors, posing serious risks. The KEV Catalog is a product of Binding Operational Directive (BOD) 22-01. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate vulnerabilities by specific deadlines. This aims to protect FCEB networks from active threats. The BOD 22-01 Fact Sheet provides further details regarding the directive's requirements. While BOD 22-01's requirements are specific to federal agencies, CISA recommends that all organizations address catalog vulnerabilities promptly. Doing so reduces their susceptibility to cyberattacks, aligning with effective vulnerability management. CISA is committed to continuously expanding the KEV Catalog with relevant vulnerabilities.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA updated its Known Exploited Vulnerabilities (KEV) Catalog, adding a new vulnerability. The newly added vulnerability is CVE-2025-53521, a remote code execution flaw in F5 BIG-IP. This vulnerability is actively exploited by malicious actors, presenting a serious risk. The KEV Catalog is a list of known vulnerabilities with significant risks, as defined by Binding Operational Directive (BOD) 22-01. BOD 22-01 mandates that Federal Civilian Executive Branch agencies remediate these vulnerabilities promptly. The goal is to protect federal networks from active cyber threats. Agencies must remediate vulnerabilities by the specified due date. While BOD 22-01 primarily targets federal agencies, CISA recommends all organizations mitigate risks from KEV vulnerabilities. Timely remediation of KEV vulnerabilities is crucial for effective vulnerability management. CISA is committed to adding more vulnerabilities to the KEV Catalog as needed.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with a new entry, CVE-2026-33634, for Aqua Security Trivy. This vulnerability involves embedded malicious code, posing a significant risk. These types of vulnerabilities are frequently exploited by malicious actors. The KEV Catalog is a list of known high-risk vulnerabilities, established by Binding Operational Directive 22-01. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies fix these vulnerabilities. Agencies must remediate these issues by set deadlines to secure their networks from active threats. The directive aims to protect FCEB networks by mitigating known active threats. While primarily for FCEB agencies, CISA recommends all organizations address KEV vulnerabilities. Timely remediation of KEV vulnerabilities is crucial for reducing cyberattack exposure. CISA will continuously update the catalog with new vulnerabilities meeting the criteria.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new vulnerability, CVE-2026-33017, to its Known Exploited Vulnerabilities (KEV) Catalog. This specific vulnerability relates to Langflow code injection. Such vulnerabilities are frequently exploited by cybercriminals and present serious risks to federal systems. The KEV Catalog was created under Binding Operational Directive (BOD) 22-01 to identify vulnerabilities with significant risk. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies fix these identified vulnerabilities by their deadlines. This directive aims to protect FCEB networks from active threats. While BOD 22-01 specifically targets FCEB agencies, CISA highly recommends all organizations address these KEV Catalog vulnerabilities. Prioritizing remediation of these vulnerabilities is crucial for effective vulnerability management. By doing so, organizations can significantly reduce their susceptibility to cyberattacks. CISA will continue to update the catalog with qualifying vulnerabilities.

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, all of which are currently being actively exploited. These vulnerabilities include issues affecting Apple products, Craft CMS, and Laravel Livewire. These types of vulnerabilities are a common attack vector for malicious actors and present significant risks. The KEV Catalog is a list of known CVEs posing significant risk, according to Binding Operational Directive (BOD) 22-01. This directive mandates that federal agencies remediate identified vulnerabilities by a specific deadline. The goal is to protect federal networks against active threats by addressing these vulnerabilities. BOD 22-01 primarily impacts Federal Civilian Executive Branch agencies. CISA encourages all organizations to remediate KEV Catalog vulnerabilities promptly to reduce cyberattack exposure. Prioritizing these remediations is a crucial part of an effective vulnerability management strategy. CISA will continue to update the catalog with new vulnerabilities that meet the necessary criteria.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA updated its Known Exploited Vulnerabilities (KEV) Catalog, including a new vulnerability. The vulnerability, identified as CVE-2026-20131, affects Cisco Secure Firewall Management Center (FMC) and Cisco Security Cloud Control (SCC) software. This specific vulnerability involves deserialization of untrusted data, a common attack method used by malicious actors. It poses a significant risk to the federal enterprise and other organizations. The KEV Catalog is a list of known vulnerabilities with high risks, as outlined in Binding Operational Directive (BOD) 22-01. BOD 22-01 requires federal agencies to address KEV vulnerabilities within specified deadlines for network protection. This directive primarily addresses Federal Civilian Executive Branch agencies. While BOD 22-01 is for federal agencies, CISA advises all organizations to prioritize KEV remediation for better cybersecurity. Timely patching of these vulnerabilities is crucial for reducing exposure to cyberattacks. CISA plans to regularly update the KEV Catalog with more vulnerabilities.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding a new vulnerability. The newly added vulnerability is CVE-2025-66376, a cross-site scripting flaw impacting Synacor Zimbra Collaboration Suite (ZCS). This vulnerability is actively being exploited by attackers. Cross-site scripting vulnerabilities are a common attack vector and present considerable risks. CISA's KEV Catalog, established by Binding Operational Directive (BOD) 22-01, identifies high-risk, exploited CVEs. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies fix these vulnerabilities by specific deadlines. This directive aims to protect FCEB networks from active threats. The Fact Sheet provides further specifics about BOD 22-01 implementation. While BOD 22-01 only applies to government agencies, all organizations are encouraged to quickly fix KEV Catalog vulnerabilities. Prioritizing these fixes is a crucial part of an effective vulnerability management strategy. CISA will continue regularly updating the KEV Catalog with any newly discovered vulnerabilities that meet its criteria.

CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization

CISA has identified malicious cyber activity targeting endpoint management systems of U.S. organizations. This activity follows the March 2026 cyberattack on Stryker Corporation, a medical technology firm. To combat similar attacks, CISA encourages organizations to strengthen their endpoint management system configurations. CISA is working with the FBI to identify and mitigate ongoing threats. Organizations should implement Microsoft's recently released best practices for securing Microsoft Intune. These practices emphasize least privilege principles for administrative roles within these systems. Use Microsoft Intune’s role-based access control (RBAC) to limit operational actions. Enforce phishing-resistant multi-factor authentication (MFA) and privileged access hygiene. Review the provided Microsoft and CISA resources for detailed guidance. CISA emphasizes these recommendations are being provided for informational purposes only. The agency does not endorse any specific commercial products or services mentioned in this alert.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding a new vulnerability. This addition, CVE-2025-47813, involves an information disclosure vulnerability in Wing FTP Server. The vulnerability's inclusion is based on observed active exploitation by malicious actors. These types of vulnerabilities are common targets, posing substantial risks to various networks. The KEV Catalog is a dynamic list of known vulnerabilities with significant risks. Binding Operational Directive 22-01 mandates that FCEB agencies remediate these vulnerabilities promptly. The deadline ensures protection against current threats within federal networks. CISA recommends all organizations prioritize KEV Catalog vulnerability remediation. Timely action is essential for effective vulnerability management and reducing cyberattack exposure. CISA will continue to update the catalog with qualifying vulnerabilities.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, a list of actively exploited security flaws. Two new vulnerabilities have been added to the catalog due to confirmed active exploitation in the wild. The first vulnerability is CVE-2026-3909, an out-of-bounds write in Google Skia. The second is CVE-2026-3910, an unspecified vulnerability within Google Chromium V8. These types of vulnerabilities are high-risk attack vectors targeted by malicious actors. The KEV Catalog was created by Binding Operational Directive 22-01 to protect federal networks. This directive mandates that Federal Civilian Executive Branch (FCEB) agencies remediate cataloged vulnerabilities by specified deadlines. The directive aims to mitigate the risk posed by known exploits. While BOD 22-01 primarily affects FCEB agencies, CISA recommends all organizations prioritize KEV Catalog remediation. This proactive approach supports better vulnerability management practices. CISA will regularly update the catalog with new vulnerabilities that meet defined criteria.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding a new vulnerability. This new entry is CVE-2025-68613, related to improper control of dynamically-managed code in n8n. This vulnerability is actively being exploited by malicious actors, posing a significant risk. The KEV Catalog is a list of vulnerabilities with high risk, established by Binding Operational Directive (BOD) 22-01. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate these vulnerabilities by specific deadlines. This directive aims to protect FCEB networks from active threats by addressing known vulnerabilities. While BOD 22-01 primarily affects FCEB agencies, CISA advises all organizations to prioritize KEV remediation. Timely remediation of KEV catalog vulnerabilities is crucial for reducing exposure to cyberattacks. CISA continually updates the catalog with vulnerabilities meeting specific criteria. The KEV Catalog is a dynamic resource for identifying and mitigating dangerous vulnerabilities. Organizations should incorporate KEV remediation into their overall vulnerability management strategies.

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding three new vulnerabilities. These newly added vulnerabilities include issues in Omnissa, SolarWinds, and Ivanti products. These vulnerabilities are actively being exploited by malicious actors, posing a significant risk. The KEV Catalog is a living list maintained to help protect against known threats. Binding Operational Directive (BOD) 22-01 mandates that FCEB agencies remediate these vulnerabilities. Agencies must meet specific deadlines for remediation to mitigate risks. This directive aims to safeguard federal networks from active cyberattacks. While BOD 22-01 applies to federal agencies, CISA recommends all organizations prioritize KEV Catalog remediation. Addressing these vulnerabilities promptly is crucial for robust cybersecurity practices. CISA will continue to add vulnerabilities to the catalog as new threats emerge.

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding five new vulnerabilities. These newly identified vulnerabilities include flaws in Hikvision, Rockwell, and Apple products. These vulnerabilities are actively being exploited by malicious actors and pose substantial risks. The KEV Catalog serves as a list of high-risk vulnerabilities for the federal enterprise. Binding Operational Directive (BOD) 22-01 mandates that FCEB agencies fix these vulnerabilities. Agencies must meet the remediation deadlines to protect their networks. BOD 22-01 established the KEV Catalog to mitigate known threats. While primarily for federal agencies, CISA recommends all organizations prioritize KEV remediation. Addressing these vulnerabilities promptly is critical for effective cybersecurity. CISA will continue updating the KEV Catalog with newly identified vulnerabilities.