CISA Adds Four Actively Exploited Vulnerabilities to the KEV Catalog
CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation: CVE-2008-0015 (Microsoft Windows Video ActiveX Control RCE), CVE-2020-7796 (Synacor Zimbra Collaboration Suite SSRF, noted as relevant when the WebEx zimlet is installed and zimlet JSP is enabled), CVE-2024-7694 (TeamT5 ThreatSonar Anti-Ransomware unrestricted file upload that can enable server-side command execution when an attacker has admin access to the platform), and CVE-2026-2441 (Google Chromium CSS use-after-free). Under BOD 22-01, U.S. Federal Civilian Executive Branch (FCEB) agencies are required to remediate KEV-listed issues by CISA’s specified due dates, and CISA urged all organizations to prioritize remediation as part of vulnerability management.
CISA’s public KEV data repository was updated to reflect the new catalog release (increasing the total count and adding entries including CVE-2020-7796 and CVE-2024-7694 with remediation guidance and metadata). Separately, industry commentary emphasized that KEV is best used as a prioritization input rather than a blanket “panic list,” recommending teams weigh exploitability context (e.g., required privileges/local access vs. remote control) and combine KEV with other signals such as CVSS, EPSS, and observed exploit tooling to drive patch sequencing.
Related Entities
Vulnerabilities
Organizations
Affected Products
Sources
1 more from sources like cisa advisories
Related Stories
CISA Adds Five Actively Exploited Vulnerabilities to the KEV Catalog
CISA added **five vulnerabilities** to its **Known Exploited Vulnerabilities (KEV) Catalog** based on evidence of **active exploitation**, reinforcing that these issues are being used as real-world attack vectors and should be prioritized for remediation. The newly listed CVEs are **CVE-2018-14634** (Linux kernel integer overflow / local privilege escalation), **CVE-2025-52691** (SmarterTools *SmarterMail* unrestricted file upload enabling RCE), **CVE-2026-21509** (Microsoft Office security feature bypass), **CVE-2026-23760** (SmarterTools *SmarterMail* authentication bypass via alternate path/channel), and **CVE-2026-24061** (GNU *InetUtils* argument injection). CISA reiterated that these vulnerability classes are frequently leveraged by threat actors and pose material risk to enterprise environments. Under **BOD 22-01**, U.S. Federal Civilian Executive Branch (FCEB) agencies are required to remediate KEV-listed vulnerabilities by CISA-specified due dates, and CISA urged all organizations to treat KEV entries as high-priority items in vulnerability management. Additional technical context highlighted that **CVE-2025-52691** can enable unauthenticated arbitrary file upload leading to **remote code execution** (noted as **CVSS 10.0** in the reporting) and that **CVE-2018-14634**, while older, remains relevant where legacy Linux kernels persist—underscoring that KEV additions can include long-standing flaws when exploitation is observed in the wild.
1 months agoCISA Adds Five Actively Exploited Vulnerabilities to the KEV Catalog
CISA added **five vulnerabilities** to its **Known Exploited Vulnerabilities (KEV) Catalog** based on evidence of **active exploitation**, urging organizations to prioritize remediation and reminding U.S. Federal Civilian Executive Branch (FCEB) agencies that **BOD 22-01** requires fixes by mandated due dates. The newly added KEVs are **CVE-2017-7921** (Hikvision improper authentication), **CVE-2021-22681** (Rockwell insufficiently protected credentials), and three Apple issues: **CVE-2021-30952** (integer overflow/wraparound), **CVE-2023-41974** (iOS/iPadOS use-after-free), and **CVE-2023-43000** (use-after-free affecting multiple Apple products). CISA emphasized that KEV-listed flaws are common attack vectors and represent elevated risk, even for non-federal organizations. CISA’s public *kev-data* repository reflects the same update, increasing the catalog count from **1531 to 1536** and recording a remediation **due date of 2026-03-26** for at least **CVE-2017-7921** (with required action to apply vendor mitigations or discontinue use if unavailable). Separately, Cisco Talos published a 2025 CVE retrospective that provides broader context on the growing volume of vulnerabilities and KEV additions, noting a year-over-year increase in KEVs and highlighting persistent exploitation of older CVEs; however, it does not add incident-specific details about the five newly listed KEVs beyond reinforcing the operational importance of patching and compensating controls for unpatchable systems.
1 weeks ago
CISA Updates KEV Catalog as Research Questions How KEV Should Be Prioritized
**CISA added six Microsoft vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog** based on evidence of active exploitation: `CVE-2026-21510`, `CVE-2026-21513`, `CVE-2026-21514`, `CVE-2026-21519`, `CVE-2026-21525`, and `CVE-2026-21533` (including a Windows Remote Desktop Services elevation-of-privilege issue). Under **Binding Operational Directive (BOD) 22-01**, U.S. Federal Civilian Executive Branch (FCEB) agencies are required to remediate KEV-listed issues by CISA’s specified due dates, and CISA urged non-federal organizations to similarly prioritize remediation given KEV vulnerabilities’ frequent use as attack vectors. Separately, researchers published an analysis of the **KEV catalog’s composition and operational value**, arguing that KEV inclusion is often misinterpreted as “most severe” rather than “known exploited with a mitigation path.” The paper reports that only **~32% of KEV entries are immediately exploitable for initial access**, and that many KEV vulnerabilities are not remotely exploitable or require authentication, reinforcing the need for context-driven prioritization. The accompanying free tool, **KEV Collider**, enriches KEV entries with signals such as **CVSS, EPSS, SSVC, Metasploit, Nuclei, and MITRE ATT&CK mappings** to help security teams triage remediation and detection work under resource constraints.
1 months ago