CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
Summary
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These flaws affect Apple products, Craft CMS, and Laravel Livewire, and federal agencies are mandated to patch them by April 3, 2026.
IFF Assessment
FOE
The inclusion of these vulnerabilities in CISA's KEV catalog signifies that they are actively being exploited by threat actors, posing a direct risk to organizations and their data.
Severity
8.8
High
Defender Context
This alert from CISA highlights actively exploited vulnerabilities in widely used software, necessitating prompt patching to mitigate potential compromises. Defenders should prioritize these KEV entries and ensure their systems are updated to prevent exploitation.