cisa kev

  1. ChatGPT

    CISA KEV: Oracle WebLogic CVE-2024-21182 Becomes 2026 Remediation Priority

    CISA added CVE-2024-21182, an Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities Catalog on June 1, 2026, after determining that attackers were actively exploiting the flaw against systems running affected Oracle Fusion Middleware WebLogic versions in the wild and...
  2. ChatGPT

    CISA Adds PAN-OS GlobalProtect CVE-2026-0257 to KEV—Patch by Deadline

    On May 29, 2026, CISA added CVE-2026-0257, a Palo Alto Networks PAN-OS GlobalProtect authentication bypass vulnerability under active exploitation, to its Known Exploited Vulnerabilities catalog, requiring U.S. federal civilian agencies to remediate it by the catalog deadline. The alert is...
  3. ChatGPT

    CISA KEV May 27, 2026: Supply-Chain Attacks via DAEMON Tools, TanStack, Nx Console

    CISA added CVE-2026-8398, CVE-2026-45321, and CVE-2026-48027 to its Known Exploited Vulnerabilities Catalog on May 27, 2026, after confirming active exploitation affecting DAEMON Tools Lite, TanStack packages, and the Nx Console developer extension. The move is more than another federal patching...
  4. ChatGPT

    CISA Adds Drupal SQLi CVE-2026-9082 to KEV: PostgreSQL Sites Face Urgent Remediation

    On May 22, 2026, CISA added CVE-2026-9082, a Drupal Core SQL injection vulnerability affecting PostgreSQL-backed sites, to its Known Exploited Vulnerabilities catalog after evidence showed active exploitation in the wild. The move turns what was already an urgent Drupal security release into a...
  5. ChatGPT

    CISA KEV May 20, 2026: Old Windows Bugs and Defender Flaws Still Being Exploited

    CISA added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog on May 20, 2026, including five legacy Microsoft and Adobe flaws from 2008 through 2010 and two 2026 Microsoft Defender vulnerabilities, after determining that all seven have evidence of active exploitation. The...
  6. ChatGPT

    CVE-2026-42897 KEV Alert: Mitigate Microsoft Exchange OWA XSS Now

    CISA added CVE-2026-42897, a Microsoft Exchange Server cross-site scripting vulnerability affecting Outlook Web Access on on-premises Exchange, to its Known Exploited Vulnerabilities Catalog on May 15, 2026, after evidence showed the flaw was being actively exploited in real-world attacks. The...
  7. ChatGPT

    CVE-2026-20182 KEV Alert: Cisco SD-WAN Authentication Bypass Now Actively Exploited

    On May 14, 2026, CISA added CVE-2026-20182, a Cisco Catalyst SD-WAN Controller authentication bypass vulnerability, to its Known Exploited Vulnerabilities Catalog after evidence showed the flaw is being actively exploited in the wild. The move is not just another entry in a federal spreadsheet...
  8. ChatGPT

    CISA Adds LiteLLM SQL Injection CVE-2026-42208 to KEV—AI Proxies Are High-Value

    CISA on May 8, 2026, added CVE-2026-42208, a critical SQL injection flaw in BerriAI’s LiteLLM AI proxy, to its Known Exploited Vulnerabilities Catalog after evidence showed attackers were actively exploiting the bug against systems that broker access to large language model services. The entry...
  9. ChatGPT

    CISA KEV: CVE-2026-0300 PAN-OS Root RCE on User-ID Portal—Urgent Patch Actions

    On May 6, 2026, CISA added CVE-2026-0300, a Palo Alto Networks PAN-OS out-of-bounds write flaw in the User-ID Authentication Portal, to its Known Exploited Vulnerabilities catalog after evidence showed active exploitation against exposed firewall portals in the wild and federal agencies were put...
  10. ChatGPT

    CISA KEV: Linux “Copy Fail” CVE-2026-31431 Turns Kernel Bug Into Patch Deadline

    CISA added CVE-2026-31431, a Linux kernel local privilege escalation flaw known as “Copy Fail,” to its Known Exploited Vulnerabilities Catalog on May 1, 2026, after evidence of active exploitation, triggering mandatory remediation for U.S. federal civilian agencies under BOD 22-01. The move...
  11. ChatGPT

    CISA KEV: CVE-2026-41940 Active Exploitation Hits cPanel & WHM Mgmt Plane

    CISA added CVE-2026-41940, a critical missing-authentication vulnerability in WebPros cPanel & WHM and WP Squared, to its Known Exploited Vulnerabilities Catalog on April 30, 2026, after evidence showed the flaw was already being exploited in active attacks. The move turns a hosting-industry...
  12. ChatGPT

    CISA KEV Update: CVE-2026-39987 Marimo Pre-Auth RCE Now Actively Exploited

    CISA’s April 23, 2026 update to its Known Exploited Vulnerabilities Catalog is a reminder that the most dangerous security problems are often the ones attackers have already operationalized. This time, the agency added a single entry: CVE-2026-39987, a Marimo remote code execution vulnerability...
  13. ChatGPT

    CISA Adds CVE-2026-34197 (Apache ActiveMQ) to KEV: Act on Active Exploitation

    CISA’s latest addition to its Known Exploited Vulnerabilities Catalog is a sharp reminder that active exploitation still matters more than abstract severity scores. On April 16, 2026, the agency added CVE-2026-34197, an Apache ActiveMQ flaw described as an improper input validation...
  14. ChatGPT

    CISA Adds 7 KEV CVEs (Microsoft, Adobe, Fortinet): Patch What’s Actively Exploited

    CISA’s latest update to the Known Exploited Vulnerabilities Catalog is another reminder that the most dangerous flaws are not always the newest ones. On April 13, 2026, the agency added seven CVEs spanning Microsoft, Adobe, and Fortinet, and it did so because there is evidence the flaws are...
  15. ChatGPT

    CISA Adds Ivanti EPMM CVE-2026-1340 to KEV: Patch Now for Active Exploitation

    CISA’s latest addition to the Known Exploited Vulnerabilities Catalog is a reminder that the agency still sees active exploitation as the best signal for urgency, not just theoretical severity. On April 8, 2026, CISA added CVE-2026-1340, a code injection vulnerability in Ivanti Endpoint Manager...
  16. ChatGPT

    CISA Adds FortiClient EMS CVE-2026-35616 to KEV: Act Fast on Active Exploitation

    Background: CISA’s latest KEV update is a familiar kind of warning with an increasingly urgent tone: Fortinet FortiClient EMS has joined the Known Exploited Vulnerabilities Catalog after evidence emerged that attackers are actively using the flaw in the wild. The vulnerability, tracked as...
  17. ChatGPT

    CISA Adds TrueConf KEV CVE-2026-3502: Patch Code Integrity Flaws Now

    CISA’s latest Known Exploited Vulnerabilities Catalog update is a reminder that the agency’s most important work is less about counting bugs than about narrowing the attack surface that adversaries actually use. On April 2, 2026, CISA said it had added CVE-2026-3502, a TrueConf Client flaw...
  18. ChatGPT

    CISA Adds CVE-2025-53521 BIG-IP RCE to KEV: Patch Urgently

    CISA’s decision to add CVE-2025-53521, an F5 BIG-IP remote code execution issue, to the Known Exploited Vulnerabilities (KEV) Catalog is another reminder that patching priority is now driven as much by evidence of exploitation as by severity scores. The move matters because KEV listing instantly...
  19. ChatGPT

    CISA Adds Trivy CVE-2026-33634 to KEV: Patch Supply Chain Risk Now

    CISA’s latest addition to the Known Exploited Vulnerabilities (KEV) Catalog is a sharp reminder that software supply chain risk is no longer an abstract concern for security teams. On March 26, 2026, the agency added CVE-2026-33634, described as an Aqua Security Trivy embedded malicious code...
  20. ChatGPT

    CISA Adds 5 KEV Vulnerabilities: Apple, Craft CMS, and Laravel Livewire

    CISA’s decision to add five more vulnerabilities to its Known Exploited Vulnerabilities catalog is another reminder that the agency’s exploitation-driven model is now the center of gravity for defensive prioritization. The latest additions span Apple, Craft CMS, and Laravel Livewire...