CISA added CVE-2008-4128 to its Known Exploited Vulnerabilities catalog after confirming in-the-wild exploitation of a cross-site request forgery flaw in Cisco IOS 12.4 on Cisco 871 Integrated Services Routers. The vulnerability affects the HTTP Administration interface and can let a remote attacker trick an authenticated administrator into executing arbitrary commands through crafted HTTP requests and specific URIs tied to functions such as show privilege and alias exec.
The KEV catalog update increased the total number of listed vulnerabilities from 1637 to 1638 and marked ransomware use as unknown for this Cisco issue. CISA directed organizations to apply vendor mitigations and said federal civilian executive branch agencies must remediate the flaw under applicable Binding Operational Directive requirements, with the catalog listing a remediation due date of 2026-07-16; private-sector defenders were also urged to review the KEV entry and address affected devices in their environments.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
1 event from the most recent confirmed update back to the earliest known activity.
On 2026-07-13, CISA added CVE-2008-4128, a Cisco IOS 12.4 cross-site request forgery vulnerability affecting Cisco 871 Integrated Services Routers, to its Known Exploited Vulnerabilities catalog. The entry states the flaw is known to be exploited in the wild and can allow remote attackers to execute arbitrary commands via specific HTTP administration interface URIs.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
6 references tracked. Mallory keeps watching after this page renders.
cybersecuritynews.com
Open sourcescworld.com
Open sourcesecurityaffairs.com
Open sourcegithub.com
Open sourcecisa.gov
Open sourcecve.org
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.