Cyber Signal — OpenWatch

CISA has added CVE-2026-33825, a Microsoft Defender Insufficient Granularity of Access Control Vulnerability, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. This vulnerability type is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices.

Original (en)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-33825 Microsoft Defender Insufficient Granularity of Access Control Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . 

Published

Apr 22, 2026, 06:00 PM UTC

21d ago

Significance

7.8/ 10

Source

CISA Current Activity

core tier · rss

Entities Detected

· click + to track

li><aExploited VulnerabilitiesKEVMicrosoft Defender Insufficient Granularity of Access Control Vulnerability</li>Common Vulnerabilities and ExposuresFederal Civilian Executive BranchFCEBCISAMali

Read source article →

Related Signals

Cyber

CISA has added four newly exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog: CVE-2024-7399 (Samsung MagicINFO path traversal), CVE-2024-57726 (SimpleHelp missing authorization), CVE-2024-57728 (SimpleHelp path traversal), and CVE-2025-29635 (D-Link DIR-823X command injection). CISA urges all organizations to prioritize remediation of these vulnerabilities as part of vulnerability management practices to reduce exposure to active cyberattacks.

CISA Current Activity·19d ago

Cyber

CISA added CVE-2025-53521 (F5 BIG-IP Remote Code Execution) to the Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. This vulnerability is subject to BOD 22-01 remediation requirements for Federal Civilian Executive Branch agencies, and CISA urges all organizations to prioritize patching as part of vulnerability management practices.

CISA Current Activity·47d ago

Cyber

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation: CVE-2024-1708 (ConnectWise ScreenConnect Path Traversal) and CVE-2026-32202 (Microsoft Windows Protection Mechanism Failure). CISA urges all organizations to prioritize timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices, as these represent significant active threats to enterprise security.

Related Investment Themes

🧠

AI Chip Bottleneck

Compute demand doubling every 6-9mo · supply chain cannot scale

OPP 🛡

US Defense Surge

Bipartisan spending surge · NATO rebuild · multi-year contract pipeline

OPP 🔌

Taiwan Semiconductor Risk

Taiwan Strait chokepoint · 90% of advanced logic chips at risk

RISK

Signal ID: b5599dc8…openwatch.io →