CISA Adds Three Known Exploited Vulnerabilities to Catalog
Summary
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These vulnerabilities, affecting Daemon Tools Lite, TanStack, and Nx Console, are flagged as frequent attack vectors posing significant risks. The KEV Catalog is part of a directive requiring federal agencies to remediate these vulnerabilities, and CISA urges all organizations to prioritize their patching.
IFF Assessment
The inclusion of new, actively exploited vulnerabilities in CISA's KEV Catalog indicates an increased threat landscape and potential for successful attacks against organizations, representing bad news for defenders.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: May 30, 2026. Known ransomware use: Unknown.
Defender Context
This update highlights the importance of actively monitoring CISA's KEV Catalog and prioritizing remediation for listed vulnerabilities, as they are known to be exploited in the wild. Defenders should ensure their vulnerability management programs are aligned with CISA's advisories to mitigate these specific risks promptly.