CISA Adds Six Actively Exploited Flaws in Major Software
🛡️ CISA on Apr 14, 2026 added six vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after observing active exploitation. The flaws affect Fortinet FortiClient EMS, Microsoft components (Exchange Server, Windows drivers, Host Process for Windows Tasks, VBA) and Adobe Acrobat Reader, and include SQL injection, deserialization, out-of-bounds read, use-after-free and insecure library loading. Federal civilian agencies must remediate by April 27, 2026.
