CISA Adds Four Known Exploited Vulnerabilities to Catalog

Summary

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These vulnerabilities affect SonicWall SMA1000 Appliances and Microsoft Active Directory Federation Services and SharePoint Server. The additions reinforce CISA's Binding Operational Directive 26-04, which requires federal agencies to prioritize the remediation of these high-risk vulnerabilities.

IFF Assessment

FOE

The addition of new exploited vulnerabilities to CISA's KEV catalog indicates active threats that pose risks to organizations, requiring defenders to prioritize patching and mitigation efforts.

Severity

10.0 Critical

CISA KEV: Listed as actively exploited. Federal patch due: July 17, 2026. Known ransomware use: Unknown.

Defender Context

Defenders must be aware of these newly identified exploited vulnerabilities and prioritize their remediation, especially for publicly exposed assets. The inclusion in the KEV catalog signifies active exploitation by threat actors, meaning unpatched systems are at immediate risk. Organizations should follow CISA's guidance on risk-based vulnerability management to allocate resources effectively.

Read Full Story →