CISA Adds Seven Known Exploited Vulnerabilities to Catalog
Summary
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, indicating evidence of active exploitation. These vulnerabilities, including buffer overflows and denial-of-service flaws in Microsoft and Adobe products, pose significant risks, especially to the federal enterprise. CISA urges all organizations to prioritize their remediation.
IFF Assessment
The addition of actively exploited vulnerabilities to CISA's KEV catalog signifies increased risk and potential for successful attacks against organizations that do not patch them.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: June 03, 2026. Known ransomware use: Unknown.
Defender Context
Organizations should actively monitor CISA's KEV catalog and prioritize patching the newly added vulnerabilities. The inclusion of these CVEs in the catalog means they are being actively exploited in the wild, making them a high-priority target for attackers.