CISA Adds Five Known Exploited Vulnerabilities to Catalog
⚠️ CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation, affecting Linux Kernel, SmarterMail, Microsoft Office, and GNU InetUtils. The newly listed CVEs are CVE-2018-14634, CVE-2025-52691, CVE-2026-21509, CVE-2026-23760, and CVE-2026-24061 and represent frequent attack vectors that pose significant risks to federal and enterprise environments. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by required due dates, and CISA urges all organizations to prioritize timely remediation as part of vulnerability management.
