CISA Adds Two Known Exploited Vulnerabilities to Catalog
Summary
CISA has added two new vulnerabilities, CVE-2009-0238 and CVE-2026-32201, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of their active exploitation. These vulnerabilities represent significant risks and frequent attack vectors for cyber actors. Federal agencies are required to remediate these, and all organizations are strongly urged to prioritize them in their vulnerability management.
IFF Assessment
The addition of actively exploited vulnerabilities to a catalog signifies immediate threats that attackers are currently leveraging, posing a direct risk to defenders.
Severity
Defender Context
Defenders must prioritize patching or mitigating these newly added KEV catalog vulnerabilities as they are actively being exploited by threat actors. The KEV catalog serves as a critical indicator of high-priority threats that warrant immediate attention to prevent successful attacks.