All news with #cisa kev tag

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to patch an actively exploited Oracle WebLogic vulnerability, CVE-2024-21182, by June 4 under BOD 22-01. The flaw affects Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 and enables unauthenticated remote compromise via T3/IIOP. Shodan reports over 1,592 exposed and vulnerable WebLogic instances, and CISA urges all organizations to apply vendor mitigations or discontinue use if fixes are unavailable.

🔒 Palo Alto Networks patched CVE-2026-0257, an authentication bypass on the GlobalProtect portal and gateway, after attackers began exploiting the flaw. Initially rated medium, the issue was raised to high severity following multiple exploitation attempts on unpatched PAN-OS devices. Rapid7 observed forged-cookie probes and VPN IP assignment to internal networks, prompting urgent patching guidance. CISA added the vulnerability to its KEV Catalog and federal agencies must remediate by June 1.

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical, actively exploited privilege escalation flaw in the LiteSpeed cPanel user-end plugin, tracked as CVE-2026-48172. LiteSpeed released urgent updates to fix the issue in the lsws.redisAble function and advised administrators to check logs and block suspicious IPs. CISA added the flaw to its known exploited vulnerabilities catalog and required patches by May 29 under BOD 22-01.

🛡️ CISA has mandated U.S. federal agencies to patch an actively exploited SQL injection vulnerability in the Drupal CMS (CVE-2026-9082) by the specified deadline. Discovered by Google/Mandiant researcher Michael Maturi, the flaw affects Drupal's database abstraction API and allows unauthenticated SQL injection against PostgreSQL-backed sites. The Drupal team labelled the bug highly critical and released fixes after observing exploitation in the wild; Shadowserver reports nearly 670 exposed installations. CISA added the issue to its KEV Catalog and urged all organizations to apply vendor mitigations immediately.

🔍 Verizon’s 2025 DBIR finds exploited vulnerabilities were the initial cause in 31% of breaches, overtaking credential abuse at 13%. The report highlights slower remediation: only 26% of critical CISA KEVs were fully fixed, with median patch time rising to 43 days. Analysts warn AI-driven exploit development, sprawling supply chains, and growing vulnerability volumes are worsening the threat landscape, urging risk-based continuous patching and stronger identity controls.

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SQL injection flaw in Drupal Core (CVE-2026-9082, CVSS 6.5) to its Known Exploited Vulnerabilities list after evidence of active exploitation. The vulnerability affects all supported Drupal Core versions and could enable privilege escalation and remote code execution via crafted requests using the database abstraction API. Patches were released across multiple 8.x–11.x branches, with manual patches required for Drupal 9.5 and 8.9.

🔍 Verizon's latest DBIR reports that vulnerability exploitation has become the top initial access vector, accounting for 31% of breaches compared with 13% for credential abuse. The study links this shift to slower patching—only 26% of CISA KEV critical flaws were fully remediated—and a larger backlog of critical vulnerabilities. It also warns that threat actors may be using AI to scale discovery and exploitation, and highlights rising supply-chain incidents, increased shadow AI adoption, and persistent human-factor risks.

⚠ CISA reports multiple critical vulnerabilities in ScadaBR version 1.2.0, including missing authentication, OS command injection, CSRF, and hard-coded credentials. Successful exploitation could enable unauthenticated remote code execution, root command execution, arbitrary sensor injection, or full administrative access. The vendor did not respond to CISA requests; users should contact ScadaBR support and implement network-level mitigations immediately.

🔒 CISA has added CVE-2026-20182, a critical authentication bypass in Cisco Catalyst SD-WAN Controller, to its Known Exploited Vulnerabilities catalog and requires Federal Civilian Executive Branch agencies to remediate by May 17, 2026. The flaw is rated 10.0 (CVSS) and allows an unauthenticated remote attacker to obtain administrative privileges. Cisco links active exploitation to threat cluster UAT-8616 and advises customers to follow its advisories and mitigation guidance.

⚠️ CISA added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on 2026-05-14 after confirming active exploitation. The agency warns that such vulnerabilities are common attack vectors and present significant risk to the federal enterprise. CISA directs organizations to follow Emergency Directive 26-03 and BOD 22-01 guidance, assess exposure, and apply mitigations or discontinue affected Cisco SD-WAN products if mitigations are not available.

🔔 CISA added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-42208, a SQL injection affecting BerriAI LiteLLM. The agency cites evidence of active exploitation and notes that SQLi remains a common, high-risk vector. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed flaws by their due dates. CISA urges all organizations to prioritize timely remediation as part of routine vulnerability management.

🔍 A healthcare customer bought servers in 2017 and, due to COVID-era lifecycle extensions and current supply-chain bottlenecks, now faces expiring vendor support and long lead times that prevent timely hardware refresh. The article recommends building a complete inventory using scanners (Nessus, Qualys, Rapid7, Greenbone/OpenVAS), network discovery (Nmap) and device fingerprinting (runZero), then mapping assets to NVD and CISA Known Exploited Vulnerabilities (KEV). Use a weighted risk formula to prioritize remediation and sort systems into immediate, managed, and monitored tiers. Document risk acceptance, deploy compensating controls where needed, and consider continuous monitoring with Wazuh.

🔔 CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-6973, an Ivanti Endpoint Manager Mobile (EPMM) improper input validation flaw. CISA cites evidence of active exploitation and emphasizes the significant risk this class of vulnerability poses to the federal enterprise. The agency reminds FCEB agencies of remediation requirements under BOD 22-01 and strongly urges all organizations to prioritize timely fixes.

⚠️ CISA has added CVE-2026-0300, an Palo Alto Networks PAN-OS out-of-bounds write vulnerability, to the KEV Catalog after evidence of active exploitation. BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate cataloged vulnerabilities by their due dates. Although the directive applies to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management. CISA will continue to update the catalog when vulnerabilities meet its criteria.

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently disclosed Linux kernel vulnerability, CVE-2026-31431, to its Known Exploited Vulnerabilities (KEV) catalog following evidence of in-the-wild activity. The privilege escalation bug, nicknamed Copy Fail, affects kernels shipped since 2017 and carries a CVSS score of 7.8; patches are available in kernel releases 6.18.22, 6.19.12, and 7.0. Security vendors warn the flaw is especially dangerous for containerized environments when the algif_aead module is exposed on hosts, and detecting exploitation is difficult because the exploit uses legitimate system calls.

🔔 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The entries are CVE-2024-1708, a path traversal flaw in ConnectWise ScreenConnect, and CVE-2026-32202, a protection mechanism failure in Microsoft Windows. Under BOD 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to remediate KEV-listed flaws by specified due dates, and CISA strongly urges all organizations to prioritize timely remediation as part of vulnerability management.

⚠️ CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers, citing evidence of active exploitation. The listed flaws include two SimpleHelp issues (CVE-2024-57726, CVE-2024-57728), a Samsung path traversal (CVE-2024-7399), and a D-Link command injection (CVE-2025-29635). Agencies are urged to apply fixes or retire affected devices by May 8, 2026.

⚠️ Shadowserver and CISA warn that more than 10,500 internet-exposed Zimbra Collaboration Suite instances remain vulnerable to an actively exploited cross-site scripting bug tracked as CVE-2025-48700. Synacor issued patches in June 2025, but the flaw can be triggered without user interaction when a maliciously crafted email is viewed in the Classic UI. CISA added the issue to its Known Exploited Vulnerabilities catalog and ordered federal agencies to secure affected servers by April 23.

🚨 CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation: CVE-2024-7399 (Samsung MagicINFO 9 path traversal), CVE-2024-57726 (SimpleHelp missing authorization), CVE-2024-57728 (SimpleHelp path traversal), and CVE-2025-29635 (D-Link DIR-823X command injection). The agency notes these are common attack vectors that present significant risk to the federal enterprise and reminds Federal Civilian Executive Branch agencies of remediation obligations under BOD 22-01. Although that directive applies only to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation as part of standard vulnerability management.

⚠️ CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-39987, a Marimo Remote Code Execution flaw the agency identified as actively exploited. The advisory notes that Remote Code Execution is a common, high-risk attack vector capable of enabling full system compromise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed issues by required deadlines, and CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.