CISA has added CVE-2026-33825, a Microsoft Defender Insufficient Granularity of Access Control Vulnerability, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. This vulnerability type is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices.