CISA Adds One Known Exploited Vulnerability to Catalog
Summary
CISA has added CVE-2026-33634, a vulnerability in Aqua Security's Trivy tool that allows for embedded malicious code, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition is due to evidence of active exploitation, and CISA urges all organizations to prioritize its remediation.
IFF Assessment
The identification of a new, actively exploited vulnerability directly increases the attack surface and poses an immediate threat to organizations.
Defender Context
This alert highlights the critical importance of actively monitoring CISA's KEV catalog for actively exploited vulnerabilities. Defenders must prioritize patching or mitigating CVE-2026-33634, as it is already being leveraged by attackers. Organizations should ensure their vulnerability management programs are robust enough to respond quickly to such high-priority disclosures.