CISA Adds Two Known Exploited Vulnerabilities to Catalog
Summary
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, specifically CVE-2023-4346 and CVE-2026-46817, due to evidence of active exploitation. The article emphasizes the importance of the KEV Catalog for federal agencies in prioritizing security updates based on risk, as mandated by Binding Operational Directive (BOD) 26-04, and encourages all organizations to adopt similar risk-based vulnerability management practices.
IFF Assessment
The addition of actively exploited vulnerabilities to a public catalog is bad news for defenders as it highlights active threats that need immediate attention.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: July 18, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should pay close attention to the vulnerabilities added to CISA's KEV catalog, as these are known to be actively exploited by malicious actors. Prioritizing patching and remediation for these specific CVEs is crucial to reduce the attack surface and prevent successful exploitation by threat actors targeting known weaknesses.