CISA Adds Two Known Exploited Vulnerabilities to Catalog

Summary

CISA has added two new vulnerabilities, CVE-2026-48939 and CVE-2026-56291, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These vulnerabilities, found in iCagenda and Balbooa Forms respectively, allow unrestricted file uploads of dangerous types. CISA urges all organizations, especially federal agencies, to prioritize the remediation of these and other KEV Catalog vulnerabilities.

IFF Assessment

FOE

The addition of new actively exploited vulnerabilities to CISA's KEV catalog represents a direct threat to organizations, as these flaws are already being leveraged by malicious actors.

Severity

9.8 Critical

CISA KEV: Listed as actively exploited. Federal patch due: July 13, 2026. Known ransomware use: Unknown.

Defender Context

The inclusion of these vulnerabilities in CISA's KEV catalog signifies that they are actively being exploited in the wild and pose an immediate risk. Defenders should prioritize patching or implementing mitigations for these specific CVEs, particularly on publicly accessible systems, to prevent exploitation.

Read Full Story →