CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-12569, PTC Windchill and FlexPLM Improper Input Validation Vulnerability; and CVE-2026-20230, Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies.
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-67038, Lantronix EDS5000 Code Injection Vulnerability; CVE-2026-34908, Ubiquiti UniFi OS Improper Access Control Vulnerability; CVE-2026-34909, Ubiquiti UniFi OS Path Traversal Vulnerability; and CVE-2026-34910, Ubiquiti UniFi OS Improper Input Validation Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-20253, Splunk Enterprise Missing Authentication for Critical Function Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies, updating BOD 22-01.
CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways. To defend against this malicious cyber activity, CISA urges impacted Fortinet customers with FortiGate appliances and associated secure sockets layer (SSL) VPN gateways to immediately: Terminate sessions and reset credentials.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-48907, Widget Factory Joomla Content Editor Improper Access Control Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies, updating BOD 22-01.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-20262, Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability; and CVE-2026-54420, LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies, updating BOD 22-01. BOD 26-04 reinforces the importance of the KEV catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-35273, Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies, updating BOD 22-01.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-10520, Ivanti Sentry OS Command Injection Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies, updating BOD 22-01.
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-7473, Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability; CVE-2026-11645, Google Chromium V8 Out-of-Bounds Read and Write Vulnerability; and CVE-2026-20245, Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-42271, BerriAI LiteLLM Command Injection Vulnerability; and CVE-2026-50751, Check Point Security Gateway Improper Authentication Vulnerability. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-28318, a SolarWinds Serv-U vulnerability allowing uncontrolled resource consumption, to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation. Federal agencies are required to remediate the vulnerability by a specified deadline under Binding Operational Directive 22-01.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a deserialization vulnerability in Mirasvit Full Page Cache Warmer (CVE-2026-45247) to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies are required to patch the flaw; CISA urges all organizations to prioritize remediation as part of vulnerability management.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities with confirmed active exploitation to its Known Exploited Vulnerabilities catalog: a Linux kernel authentication flaw and an Android framework integer overflow bug. Federal agencies are required to remediate these vulnerabilities by set deadlines under Binding Operational Directive 22-01.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21182, an Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. Federal agencies are required to remediate the vulnerability by established deadlines, and CISA recommends all organizations prioritize patching as part of routine vulnerability management.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-0257, a Palo Alto Networks PAN-OS authentication bypass flaw, to its Known Exploited Vulnerabilities Catalog after confirming active exploitation in the wild. Federal agencies are required to remediate the vulnerability by a deadline set under binding directive BOD 22-01, while CISA recommends all organizations prioritize patching to protect against ongoing attacks.
CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems and Continuous Integration/Continuous Development (CI/CD) pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code (VS Code) extension and the “Megalodon” supply chain intrusion campaign, demonstrate how cyber threat actors are abusing tools and processes that support enterprise, cloud, and DevOps environments—specifically CI/CD pipelines, code extensions and workflows. Threat actors leveraged a prior compromise of Nx developer systems to compromise a GitHub employee’s device through a poisoned third-party VS Code extension, resulting in unauthorized access and exfiltration of internal GitHub repositories. The malicious extension version (18.95.0) was distributed through VS Code’s automatic update mechanism, meaning systems with Nx Console previously installed may have received the malicious build without developers taking any manual installation action.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three newly exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog: flaws in Daemon Tools Lite, TanStack, and Nx Console. Federal agencies are required to patch these vulnerabilities under Binding Operational Directive 22-01, and CISA recommends all organizations prioritize remediation as part of their vulnerability management.
CISA added CVE-2026-48172, a privilege escalation flaw in the LiteSpeed cPanel plugin, to its Known Exploited Vulnerabilities catalog after detecting active exploitation. Federal agencies are required to patch the vulnerability under Binding Operational Directive 22-01; CISA recommends all organizations prioritize remediation as part of their vulnerability management.
The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-9082, a SQL injection flaw in Drupal Core, to its catalog of known exploited vulnerabilities, indicating active real-world attacks are already underway. Federal agencies are required to patch the vulnerability under Binding Operational Directive 22-01, and CISA is urging all organizations to prioritize remediation.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven known vulnerabilities to its catalog of actively exploited flaws, including old Microsoft Windows and Internet Explorer bugs alongside newer Microsoft Defender elevation-of-privilege and denial-of-service vulnerabilities. CISA is urging all organizations, particularly federal agencies, to prioritize patching these vulnerabilities as part of routine vulnerability management.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Exchange Server cross-site scripting vulnerability (CVE-2026-42897) to its Known Exploited Vulnerabilities Catalog after confirming active exploitation. Federal agencies are required to remediate the flaw under existing binding directive 22-01, and CISA urges all organizations to prioritize patching as part of standard vulnerability management.
The US Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) to its Known Exploited Vulnerabilities catalog, citing evidence of active attacks in the wild. Federal agencies must remediate the flaw under binding operational directive BOD 22-01, and CISA recommends all organizations prioritize patching to prevent exploitation of this frequently used network infrastructure.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a SQL injection vulnerability in BerriAI's LiteLLM software to its catalog of known exploited vulnerabilities, signaling active attacks in the wild. Federal civilian agencies are required to patch the flaw by a set deadline; CISA is urging all organizations to prioritize remediation as part of routine vulnerability management.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Ivanti Endpoint Manager Mobile to its catalog of known exploited vulnerabilities, citing active exploitation in the wild. The flaw allows improper input validation and poses significant risk to federal networks and critical infrastructure; federal agencies are required to remediate by specified deadlines.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a Palo Alto Networks PAN-OS vulnerability (CVE-2026-0300) to its Known Exploited Vulnerabilities Catalog, indicating the flaw is being actively exploited by malicious actors. Federal agencies must remediate the vulnerability under Binding Operational Directive 22-01, and CISA urges all organizations to prioritize patching as part of their vulnerability management.
CISA added CVE-2026-31431, a Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability, to its Known Exploited Vulnerabilities Catalog based on active exploitation evidence. Federal agencies must remediate this vulnerability per Binding Operational Directive 22-01, and CISA urges all organizations to prioritize remediation as part of vulnerability management practices.
CISA added CVE-2026-41940, a missing authentication vulnerability in WebPros cPanel & WHM and WP2 (WordPress Squared), to its Known Exploited Vulnerabilities Catalog based on active exploitation evidence. The vulnerability is classified as a critical function bypass and represents a frequent attack vector for malicious actors. CISA urges all organizations to prioritize remediation as part of their vulnerability management practices, with federal agencies required to remediate by applicable due dates under BOD 22-01.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation: CVE-2024-1708 (ConnectWise ScreenConnect Path Traversal) and CVE-2026-32202 (Microsoft Windows Protection Mechanism Failure). CISA urges all organizations to prioritize timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices, as these represent significant active threats to enterprise security.
CISA has added four newly exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog: CVE-2024-7399 (Samsung MagicINFO path traversal), CVE-2024-57726 (SimpleHelp missing authorization), CVE-2024-57728 (SimpleHelp path traversal), and CVE-2025-29635 (D-Link DIR-823X command injection). CISA urges all organizations to prioritize remediation of these vulnerabilities as part of vulnerability management practices to reduce exposure to active cyberattacks.
CISA has added CVE-2026-39987 (Marimo Remote Code Execution Vulnerability) to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. Federal agencies are required to remediate by established deadlines under BOD 22-01, while CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices.
CISA has added CVE-2026-33825, a Microsoft Defender Insufficient Granularity of Access Control Vulnerability, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. This vulnerability type is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities as part of their vulnerability management practices.
The Cybersecurity and Infrastructure Security Agency (CISA) has added eight newly discovered vulnerabilities showing evidence of active exploitation to its Known Exploited Vulnerabilities Catalog. The vulnerabilities span multiple critical systems including PaperCut NG/MF, JetBrains TeamCity, Kentico Xperience, Quest KACE, Zimbra Collaboration Suite, and Cisco Catalyst SD-WAN Manager, affecting authentication, path traversal, and information disclosure. Federal agencies are required to remediate these vulnerabilities by specified deadlines under Binding Operational Directive 22-01, and CISA urges all organizations to prioritize patching as part of their vulnerability management strategy.
CISA has issued an alert after attackers compromised two versions of the widely-used Axios npm package on March 31, 2026, injecting a malicious dependency that downloads a remote access trojan — urging developers and organizations to downgrade, rotate credentials, and audit any pipelines that ran the affected versions.
The Cybersecurity and Infrastructure Security Agency (CISA) has added Apache ActiveMQ's CVE-2026-34197 improper input validation vulnerability to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation in the wild. Federal agencies are required to remediate the flaw under Binding Operational Directive 22-01, and CISA is urging all organizations to prioritize patching as part of vulnerability management practices.
The US Cybersecurity and Infrastructure Security Agency (CISA) added two Microsoft vulnerabilities to its catalog of known exploited vulnerabilities based on evidence of active attacks. A remote code execution flaw in Microsoft Office (CVE-2009-0238) and an improper input validation vulnerability in SharePoint Server (CVE-2026-32201) are now listed as actively exploited by threat actors. Federal civilian agencies must remediate these by mandatory deadlines; CISA is urging all organizations to prioritize patching as part of routine vulnerability management.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven newly exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog, including flaws in Microsoft Windows, Exchange Server, and Adobe Acrobat. Federal agencies are required to patch these vulnerabilities under Binding Operational Directive 22-01, though CISA is urging all organizations to prioritize remediation given active exploitation in the wild.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has cataloged a newly exploited vulnerability in Ivanti's Endpoint Manager Mobile platform as a known active threat, requiring federal agencies to patch systems by a specified deadline to defend against ongoing attacks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Fortinet FortiClient EMS vulnerability to its Known Exploited Vulnerabilities catalog after detecting active exploitation by malicious actors. Federal civilian agencies are required to patch the flaw under Binding Operational Directive 22-01, and CISA is urging all organizations to prioritize remediation of the vulnerability as part of their vulnerability management practices.
The U.S. Cybersecurity and Infrastructure Security Agency has added a TrueConf Client vulnerability to its catalog of known exploited vulnerabilities, following evidence of active attacks in the wild. The flaw allows unauthenticated download of code without integrity verification, creating a high-risk vector for malicious actors targeting federal networks and other organizations.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Google Dawn use-after-free vulnerability (CVE-2026-5281) to its Known Exploited Vulnerabilities Catalog after detecting active exploitation in the wild. Federal civilian agencies are required under Binding Operational Directive 22-01 to remediate the flaw on a set timeline, and CISA is urging all organizations to prioritize patching as part of routine vulnerability management.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Citrix NetScaler vulnerability (CVE-2026-3055) to its catalog of known exploited vulnerabilities, citing evidence of active attacks. Federal agencies are required to patch the flaw under binding federal directive, and CISA is urging all organizations to prioritize remediation to reduce exposure to cyberattacks.
CISA added CVE-2025-53521 (F5 BIG-IP Remote Code Execution) to the Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. This vulnerability is subject to BOD 22-01 remediation requirements for Federal Civilian Executive Branch agencies, and CISA urges all organizations to prioritize patching as part of vulnerability management practices.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-33634, an embedded malicious code vulnerability in Aqua Security's Trivy tool, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. Federal agencies are required to remediate the vulnerability under Binding Operational Directive 22-01, though CISA urges all organizations to prioritize patching given the tool's widespread use in software supply chains.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow code injection vulnerability (CVE-2026-33017) to its Known Exploited Vulnerabilities catalog after confirming active exploitation by malicious actors. Federal agencies are required to remediate the flaw by CISA's deadline, while CISA urges all organizations to prioritize patching to defend against ongoing attacks.
The US Cybersecurity and Infrastructure Security Agency has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, including multiple flaws in Apple products and critical code injection vulnerabilities in Craft CMS and Laravel Livewire. Federal agencies are required to patch these by specified deadlines, and CISA is urging all organizations to prioritize remediation as part of vulnerability management practice.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical deserialization vulnerability in Cisco Secure Firewall Management Center and Security Cloud Control to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Federal agencies are required to remediate the flaw by a mandated deadline under Binding Operational Directive 22-01, and CISA is urging all organizations to prioritize patching to prevent cyberattacks.
The U.S. Cybersecurity and Infrastructure Security Agency has flagged a critical Microsoft SharePoint vulnerability (CVE-2026-20963) as actively exploited in the wild, adding it to its official catalog of known vulnerabilities that require urgent patching by federal agencies. The deserialization flaw is a common attack vector used by malicious actors and poses substantial risk to federal networks and broader organizational infrastructure.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed CVE-2025-66376, a cross-site scripting vulnerability in Zimbra Collaboration Suite, as actively exploited in the wild. Federal agencies must remediate the flaw by a legally mandated deadline, and CISA is urging all organizations to prioritize patching as part of vulnerability management.
CISA issued an alert following a March 11, 2026 cyberattack on medical technology giant Stryker Corporation that compromised its Microsoft environment, warning that threat actors are broadly targeting endpoint management systems and urging organizations to harden Microsoft Intune configurations using least-privilege, phishing-resistant MFA, and multi-admin approval policies.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-47813, a Wing FTP Server information disclosure vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild. Federal civilian agencies must remediate the flaw under Binding Operational Directive 22-01, with CISA urging all organizations to prioritize patching as part of vulnerability management.