CISA Adds Two Known Exploited Vulnerabilities to Catalog
Summary
CISA has added two new vulnerabilities, CVE-2026-3909 (Google Skia Out-of-Bounds Write) and CVE-2026-3910 (Google Chromium V8 Unspecified), to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are being actively exploited and pose significant risks, particularly to federal agencies mandated to remediate them.
IFF Assessment
The addition of actively exploited vulnerabilities to CISA's KEV catalog indicates they are currently being used in attacks, posing an immediate threat to organizations.
Defender Context
Organizations, especially federal agencies, must prioritize the remediation of these newly added KEV vulnerabilities to mitigate active exploitation risks. Staying informed about CISA's KEV catalog is crucial for effective vulnerability management and defense against current threats.