CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
Summary
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to reports of active exploitation. These include flaws in Cisco Catalyst SD-WAN Manager, Google Chrome, and Arista Networks.
IFF Assessment
The inclusion of these vulnerabilities in CISA's KEV catalog, along with reports of active exploitation, indicates immediate threats to organizations that do not apply patches, representing bad news for defenders.
Severity
The CVSS score of 7.8 indicates a 'High' severity vulnerability, likely due to a combination of factors such as an exploitable attack vector and significant impact on confidentiality and integrity.
CISA KEV: Listed as actively exploited. Federal patch due: June 23, 2026. Known ransomware use: Unknown.
Defender Context
Defenders must prioritize patching these newly added KEV vulnerabilities to mitigate the risk of active exploitation. Organizations should ensure their vulnerability management programs are robust and responsive to CISA advisories.