CISA Adds One Vulnerability to Known Exploited Catalog
⚠ CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-33634, an Aqua Security Trivy issue involving embedded malicious code that CISA reports is being actively exploited. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by their due dates; CISA urges all organizations to prioritize timely patching and mitigation. CISA will continue to update the catalog as new evidence of exploitation emerges.
