< ciso
brief />
Tag Banner

All news with #cisa kev tag

176 articles · page 3 of 9

CISA Advisory: Multiple Critical Vulnerabilities in ScadaBR

⚠ CISA reports multiple critical vulnerabilities in ScadaBR version 1.2.0, including missing authentication, OS command injection, CSRF, and hard-coded credentials. Successful exploitation could enable unauthenticated remote code execution, root command execution, arbitrary sensor injection, or full administrative access. The vendor did not respond to CISA requests; users should contact ScadaBR support and implement network-level mitigations immediately.
read more →

CISA Adds Cisco SD-WAN CVE to KEV; FCEB Remediate Now

🔒 CISA has added CVE-2026-20182, a critical authentication bypass in Cisco Catalyst SD-WAN Controller, to its Known Exploited Vulnerabilities catalog and requires Federal Civilian Executive Branch agencies to remediate by May 17, 2026. The flaw is rated 10.0 (CVSS) and allows an unauthenticated remote attacker to obtain administrative privileges. Cisco links active exploitation to threat cluster UAT-8616 and advises customers to follow its advisories and mitigation guidance.
read more →

CISA Adds New Entry to Known Exploited Vulnerabilities

⚠️ CISA added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on 2026-05-14 after confirming active exploitation. The agency warns that such vulnerabilities are common attack vectors and present significant risk to the federal enterprise. CISA directs organizations to follow Emergency Directive 26-03 and BOD 22-01 guidance, assess exposure, and apply mitigations or discontinue affected Cisco SD-WAN products if mitigations are not available.
read more →

CISA Adds KEV Entry for BerriAI LiteLLM SQLi Risk Now

🔔 CISA added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-42208, a SQL injection affecting BerriAI LiteLLM. The agency cites evidence of active exploitation and notes that SQLi remains a common, high-risk vector. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed flaws by their due dates. CISA urges all organizations to prioritize timely remediation as part of routine vulnerability management.
read more →

Refresh Timing Risks: CVE Exposure in Aging Servers

🔍 A healthcare customer bought servers in 2017 and, due to COVID-era lifecycle extensions and current supply-chain bottlenecks, now faces expiring vendor support and long lead times that prevent timely hardware refresh. The article recommends building a complete inventory using scanners (Nessus, Qualys, Rapid7, Greenbone/OpenVAS), network discovery (Nmap) and device fingerprinting (runZero), then mapping assets to NVD and CISA Known Exploited Vulnerabilities (KEV). Use a weighted risk formula to prioritize remediation and sort systems into immediate, managed, and monitored tiers. Document risk acceptance, deploy compensating controls where needed, and consider continuous monitoring with Wazuh.
read more →

CISA Adds Ivanti EPMM Vulnerability to KEV Catalog

🔔 CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-6973, an Ivanti Endpoint Manager Mobile (EPMM) improper input validation flaw. CISA cites evidence of active exploitation and emphasizes the significant risk this class of vulnerability poses to the federal enterprise. The agency reminds FCEB agencies of remediation requirements under BOD 22-01 and strongly urges all organizations to prioritize timely fixes.
read more →

CISA Adds One Known Exploited Vulnerability to KEV

⚠️ CISA has added CVE-2026-0300, an Palo Alto Networks PAN-OS out-of-bounds write vulnerability, to the KEV Catalog after evidence of active exploitation. BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate cataloged vulnerabilities by their due dates. Although the directive applies to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management. CISA will continue to update the catalog when vulnerabilities meet its criteria.
read more →

CISA Adds Actively Exploited Linux Root Bug to KEV

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently disclosed Linux kernel vulnerability, CVE-2026-31431, to its Known Exploited Vulnerabilities (KEV) catalog following evidence of in-the-wild activity. The privilege escalation bug, nicknamed Copy Fail, affects kernels shipped since 2017 and carries a CVSS score of 7.8; patches are available in kernel releases 6.18.22, 6.19.12, and 7.0. Security vendors warn the flaw is especially dangerous for containerized environments when the algif_aead module is exposed on hosts, and detecting exploitation is difficult because the exploit uses legitimate system calls.
read more →

CISA Adds Two Known-Exploited Vulnerabilities to KEV Catalog

🔔 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The entries are CVE-2024-1708, a path traversal flaw in ConnectWise ScreenConnect, and CVE-2026-32202, a protection mechanism failure in Microsoft Windows. Under BOD 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to remediate KEV-listed flaws by specified due dates, and CISA strongly urges all organizations to prioritize timely remediation as part of vulnerability management.
read more →

CISA Adds Four Actively Exploited Flaws to KEV Catalog

⚠️ CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers, citing evidence of active exploitation. The listed flaws include two SimpleHelp issues (CVE-2024-57726, CVE-2024-57728), a Samsung path traversal (CVE-2024-7399), and a D-Link command injection (CVE-2025-29635). Agencies are urged to apply fixes or retire affected devices by May 8, 2026.
read more →

CISA: Over 10,000 Zimbra Servers Vulnerable to XSS

⚠️ Shadowserver and CISA warn that more than 10,500 internet-exposed Zimbra Collaboration Suite instances remain vulnerable to an actively exploited cross-site scripting bug tracked as CVE-2025-48700. Synacor issued patches in June 2025, but the flaw can be triggered without user interaction when a maliciously crafted email is viewed in the Classic UI. CISA added the issue to its Known Exploited Vulnerabilities catalog and ordered federal agencies to secure affected servers by April 23.
read more →

CISA Adds Four Vulnerabilities to KEV Catalog; Urges Fixes

🚨 CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation: CVE-2024-7399 (Samsung MagicINFO 9 path traversal), CVE-2024-57726 (SimpleHelp missing authorization), CVE-2024-57728 (SimpleHelp path traversal), and CVE-2025-29635 (D-Link DIR-823X command injection). The agency notes these are common attack vectors that present significant risk to the federal enterprise and reminds Federal Civilian Executive Branch agencies of remediation obligations under BOD 22-01. Although that directive applies only to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation as part of standard vulnerability management.
read more →

CISA Adds Marimo RCE to Known Exploited Vulnerabilities

⚠️ CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-39987, a Marimo Remote Code Execution flaw the agency identified as actively exploited. The advisory notes that Remote Code Execution is a common, high-risk attack vector capable of enabling full system compromise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed issues by required deadlines, and CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.
read more →

CISA Adds Eight Exploited Flaws to KEV Catalog, Fixes Needed

⚠️ CISA added eight vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation and highlighting three flaws in Cisco Catalyst SD-WAN Manager. The list includes high-impact issues such as CVE-2025-32975 (Quest KACE SMA, CVSS 10.0) and authentication, path traversal, and XSS flaws in PaperCut, TeamCity, Kentico, and Zimbra. CISA noted prior ties of CVE-2023-27351 to Lace Tempest and recent Arctic Wolf telemetry on KACE abuse; Cisco confirmed active exploitation of two SD-WAN flaws in March 2026. Federal civilian agencies are urged to remediate the three Cisco vulnerabilities by April 23, 2026, and the remaining flaws by May 4, 2026.
read more →

CISA Adds Eight Vulnerabilities to KEV Catalog After Exploitation

⚠️ CISA added eight vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog after observed active exploitation. The additions include flaws affecting PaperCut NG/MF, JetBrains TeamCity, Kentico Xperience, Quest KACE SMA, Synacor Zimbra, and multiple issues in Cisco Catalyst SD‑WAN Manager. Under BOD 22‑01, Federal Civilian Executive Branch agencies must remediate cataloged CVEs by the prescribed due dates; CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.
read more →

NIST will stop rating lower-priority vulnerabilities

🔍 NIST will stop providing severity scores and detailed enrichment for lower-priority CVEs beginning April 15, citing a surge in submissions that has overwhelmed its capacity. The National Vulnerability Database will continue to list all reported CVEs, but entries deemed low priority will keep only the severity assigned by the submitting CNA. NIST will only add detailed analysis for issues in CISA’s KEV, those affecting U.S. federal software, or critical software defined by EO 14028; organizations may request enrichment for low-priority entries via email to nvd@nist.gov.
read more →

CISA: Active Exploitation of Apache ActiveMQ CVE-2026-34197

🔴 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that a high-severity Apache ActiveMQ flaw, CVE-2026-34197, is being actively exploited in attacks. The bug, present for 13 years, allows authenticated attackers to execute arbitrary code via improper input validation and injection. Apache released patches on March 30 for ActiveMQ Classic 6.2.3 and 5.19.4, and CISA added the CVE to its KEV catalog, ordering federal agencies to patch by April 30.
read more →

CISA Adds Apache ActiveMQ RCE CVE-2026-34197 to KEV

⚠️ CISA has added CVE-2026-34197 to its Known Exploited Vulnerabilities catalog after active exploitation reports targeting Apache ActiveMQ Classic. The flaw is an improper input validation issue that can enable code injection via the Jolokia management API, potentially allowing arbitrary OS command execution. While the bug typically requires credentials, default credentials and a prior authentication bypass in some versions can render it effectively unauthenticated. Users should upgrade to ActiveMQ 5.19.4 or 6.2.3 to remediate the issue.
read more →

NIST Narrows CVE Enrichment Amid Growing Backlog Strain

🔍 NIST will restrict enrichment in its National Vulnerability Database to the most critical CVEs, prioritizing entries in CISA’s Known Exploited Vulnerabilities (KEV), software used by the federal government, and other critical products. All other CVEs will be ingested but marked as not scheduled, and the agency will stop recalculating severity scores when submitters provide their own. The move follows a surge in submissions and a backlog of more than 30,000 CVEs, and NIST says it will adopt automation and delegate tasks to CNAs to stabilize NVD operations.
read more →

CISA Adds Two Exploited Microsoft Vulnerabilities to KEV

🛡️ CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2009-0238, a Microsoft Office remote code execution flaw, and CVE-2026-32201, an improper input validation vulnerability in Microsoft SharePoint Server. The additions reflect evidence of active exploitation. Under BOD 22-01 FCEB agencies must remediate cataloged CVEs by the due date; CISA urges all organizations to prioritize remediation.
read more →