CISA Adds Three Known Exploited Vulnerabilities to Catalog
Summary
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation. These vulnerabilities affect JoomShaper SP Page Builder, Langflow, and Joomlack Page Builder. The additions reinforce the importance of CISA's Binding Operational Directive (BOD) 26-04, which mandates federal agencies prioritize remediation of these high-risk vulnerabilities.
IFF Assessment
The article details newly identified actively exploited vulnerabilities, presenting new risks and attack vectors for defenders to address.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: July 10, 2026. Known ransomware use: Unknown.
Defender Context
Defenders need to be aware of these newly added KEV entries and prioritize patching or implementing mitigations for the affected software. The inclusion in the KEV catalog signifies active exploitation, meaning these vulnerabilities are likely being leveraged in real-world attacks, posing an immediate threat.