< ciso
brief />
Tag Banner

All news with #cisa kev tag

176 articles · page 4 of 9

CISA Adds Six Actively Exploited Flaws in Major Software

🛡️ CISA on Apr 14, 2026 added six vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after observing active exploitation. The flaws affect Fortinet FortiClient EMS, Microsoft components (Exchange Server, Windows drivers, Host Process for Windows Tasks, VBA) and Adobe Acrobat Reader, and include SQL injection, deserialization, out-of-bounds read, use-after-free and insecure library loading. Federal civilian agencies must remediate by April 27, 2026.
read more →

CISA Adds Seven Vulnerabilities to KEV Catalog, 2026

🔔 CISA added seven vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation, affecting Microsoft, Adobe, and Fortinet products. The CVEs cover insecure library loading, use‑after‑free, deserialization, out‑of‑bounds read, link following, SQL injection, and prototype pollution. Under BOD 22‑01, Federal Civilian Executive Branch agencies must remediate KEV entries by required dates, and CISA urges all organizations to prioritize timely remediation as part of routine vulnerability management.
read more →

CISA Orders Federal Agencies to Patch Ivanti EPMM Flaw

⚠️ CISA has ordered U.S. federal agencies to remediate a critical Ivanti Endpoint Manager Mobile flaw (CVE-2026-1340) that has been exploited since January. The agency added the bug to its Known Exploited Vulnerabilities catalog and invoked BOD 22-01, giving agencies until Saturday, April 11 to patch or mitigate affected systems. Ivanti released fixes on January 29 and urged all customers to update immediately.
read more →

CISA Adds Ivanti EPMM Code Injection CVE to KEV Catalog

⚠️ CISA has added CVE-2026-1340, a code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM), to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The agency notes that code injection is a common, high-risk attack vector with significant implications for federal networks. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate identified KEV entries by the required deadlines, and CISA urges all organizations to prioritize timely fixes to reduce exposure.
read more →

CISA Adds One Known-Exploited Vulnerability to KEV Catalog

⚠️ CISA has added CVE-2026-3502 to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. The vulnerability affects the TrueConf client and permits downloaded code to be executed without an integrity check, increasing the risk that attackers can deliver tampered or malicious payloads. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the required deadline; CISA strongly urges all organizations to prioritize timely remediation and strengthen routine vulnerability management.
read more →

CISA Adds CVE-2026-5281 to Known Exploited Vulnerabilities

🔔 CISA has added CVE-2026-5281, a Google Dawn use-after-free vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The listing invokes BOD 22-01 remediation requirements for Federal Civilian Executive Branch agencies, which must remediate by the specified due date. CISA strongly urges all organizations to prioritize timely remediation and strengthen vulnerability management, as use-after-free flaws are a common and impactful attack vector.
read more →

CISA Adds F5 BIG-IP CVE-2025-53521 to KEV After Exploitation

⚠️ CISA has added CVE-2025-53521 to its Known Exploited Vulnerabilities (KEV) list after evidence of active exploitation against F5 BIG-IP APM. The flaw, reclassified from a DoS to an RCE with a CVSS v4 score of 9.3, permits unauthenticated remote code execution when an APM access policy is configured on a virtual server. F5 published file, log, and traffic indicators and warned that webshells may run in memory. Organizations and FCEB agencies were directed to apply the vendor fixes by March 30, 2026.
read more →

Critical Langflow RCE Exploited Hours After Disclosure

🚨 Attackers weaponized a critical Langflow remote code execution flaw within hours of disclosure, prompting CISA to add CVE-2026-33017 to its Known Exploited Vulnerabilities catalog. The issue stems from an unauthenticated build_public_tmp API endpoint that accepts workflow data and executes embedded Python code without sandboxing, enabling unauthenticated RCE on versions up to 1.8.2. Langflow released a fix in v1.9.0 and agencies are urged to patch by April 8, 2026.
read more →

CISA Adds F5 BIG-IP RCE to Known Exploited Vulnerabilities

⚠️ CISA has added CVE-2025-53521, a remote code execution vulnerability in F5 BIG-IP, to the Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The agency notes this class of flaw is a frequent attacker vector and poses significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by assigned due dates. CISA strongly urges all organizations to prioritize timely remediation, apply vendor fixes or mitigations, and maintain active monitoring to reduce exposure.
read more →

CISA Warns: Critical Langflow RCE (CVE-2026-33017)

🔴 CISA warns that a critical code-injection vulnerability, CVE-2026-33017, in the Langflow AI workflow framework is being actively exploited for remote code execution. The flaw impacts Langflow versions 1.8.1 and earlier and can be triggered with a single crafted HTTP request due to unsandboxed flow execution, allowing attackers to build public flows without authentication. Administrators should upgrade to Langflow 1.9.0, disable or restrict the vulnerable endpoint, rotate keys and secrets, and avoid exposing Langflow directly to the internet. CISA added the issue to its Known Exploited Vulnerabilities list and set an April 8 deadline for agencies covered by BOD 22-01.
read more →

CISA Adds One Vulnerability to Known Exploited Catalog

⚠ CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-33634, an Aqua Security Trivy issue involving embedded malicious code that CISA reports is being actively exploited. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by their due dates; CISA urges all organizations to prioritize timely patching and mitigation. CISA will continue to update the catalog as new evidence of exploitation emerges.
read more →

CISA Adds Langflow Code Injection to KEV Catalog Entry

⚠️ CISA has added CVE-2026-33017 — a Langflow code injection vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the specified due dates. CISA urges all organizations to prioritize timely remediation to reduce exposure to active threats.
read more →

CISA Adds Five Vulnerabilities to KEV Catalog — Mar 20, 2026

🔔 CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on March 20, 2026: CVE-2025-31277, CVE-2025-32432, CVE-2025-43510, CVE-2025-43520, and CVE-2025-54068. The flaws affect multiple Apple products, Craft CMS, and Laravel Livewire and include buffer overflows, improper locking, and code injection risks. BOD 22-01 requires FCEB agencies to remediate listed CVEs; CISA urges all organizations to prioritize mitigation as part of routine vulnerability management.
read more →

CISA Adds Cisco FMC Deserialization Flaw to KEV Catalog

⚠️ CISA has added CVE-2026-20131 to the Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The vulnerability involves deserialization of untrusted data in Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management. This class of flaw is a common attack vector and poses significant risk. CISA reminds Federal Civilian Executive Branch agencies to remediate per BOD 22-01 and urges all organizations to prioritize timely remediation as part of normal vulnerability management.
read more →

CISA Adds CVE-2026-20963 to Known Exploited Vulnerabilities

⚠️ CISA has added CVE-2026-20963 — a Microsoft SharePoint deserialization of untrusted data vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog after observing active exploitation. This class of flaw is a frequent attack vector that can allow malicious actors to execute code or manipulate data when untrusted input is deserialized. CISA reminds Federal Civilian Executive Branch agencies that BOD 22-01 requires remediation by the assigned due dates and strongly urges all organizations to prioritize timely fixes.
read more →

CISA Adds One Vulnerability to Known Exploited Catalog

🔔 CISA added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog — CVE-2025-66376, a cross-site scripting (XSS) issue in Synacor Zimbra Collaboration Suite (ZCS). Evidence indicates active exploitation, prompting inclusion under BOD 22-01 guidance. While the binding directive applies to FCEB agencies, CISA strongly urges all organizations to prioritize remediation. CISA will continue to update the KEV Catalog as new exploited vulnerabilities are identified.
read more →

CISA Flags Actively Exploited Path Disclosure in Wing FTP

⚠️ CISA warned federal agencies to secure Wing FTP Server instances after adding CVE-2025-47813 to its catalog of actively exploited vulnerabilities. The flaw allows low-privileged actors to trigger error messages that expose the full local installation path and can be chained with an already-exploited RCE (CVE-2025-47812). The vendor released fixes in Wing FTP Server v7.4.4 in May 2025; organizations should apply updates or vendor mitigations immediately.
read more →

CISA Adds KEV Entry for Wing FTP Server Vulnerability

🛡️ CISA has added CVE-2025-47813, an information disclosure vulnerability affecting Wing FTP Server, to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. This class of flaw is frequently abused by threat actors and poses a notable risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies are required to remediate KEV items by the specified due dates. CISA urges all organizations to prioritize timely remediation as part of standard vulnerability management.
read more →

CISA Adds Critical n8n RCE to KEV Catalog (CVE-2025-68613)

⚠️n8n's critical expression-injection flaw, tracked as CVE-2025-68613 (CVSS 9.9), has been added to CISA's Known Exploited Vulnerabilities catalog following evidence of active exploitation. The issue allows an authenticated attacker to perform remote code execution via the workflow expression evaluation system, risking full instance compromise. n8n issued fixes in December 2025 (1.120.4, 1.121.1, 1.122.0), but thousands of instances remain exposed online.
read more →

CISA warns of active exploitation: Ivanti EPM, Cisco SD‑WAN

⚠️ CISA warns that an authentication-bypass bug in Ivanti Endpoint Manager (CVE-2026-1603), patched Feb. 9, is being actively exploited to leak stored credentials. The agency also added related SolarWinds and VMware defects to its Known Exploited Vulnerabilities catalog. CISA updated an emergency directive for Cisco SD‑WAN flaws (CVE-2026-20127, CVE-2022-20775), citing signs of long-running exploitation and imposing new reporting and log-submission requirements for federal agencies, including a March 26 deadline.
read more →