CISA Adds Two Known Exploited Vulnerabilities to Catalog
Summary
CISA has added two new vulnerabilities, CVE-2026-21385 and CVE-2026-22719, to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are actively being exploited and pose significant risks, particularly to government entities. Organizations are urged to prioritize their remediation.
IFF Assessment
The inclusion of actively exploited vulnerabilities in CISA's KEV catalog indicates that threat actors are currently leveraging these weaknesses, posing an immediate threat to organizations.
Severity
Defender Context
This alert highlights the critical need for defenders to stay informed about CISA's KEV catalog and to promptly address any listed vulnerabilities. The active exploitation of these flaws means that organizations that do not patch them are at a high risk of compromise, potentially leading to data breaches or system disruptions.