CISA Adds Three Known Exploited Vulnerabilities to Catalog
Summary
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These include two command injection vulnerabilities in Fortinet FortiSandbox OS and a deserialization vulnerability in Microsoft SharePoint. The update reinforces the importance of CISA's Binding Operational Directive (BOD) 26-04 for federal agencies to prioritize remediation of these high-risk vulnerabilities.
IFF Assessment
The addition of actively exploited vulnerabilities to CISA's KEV catalog indicates new threats that defenders must address.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: July 19, 2026. Known ransomware use: Unknown.
Defender Context
This update highlights specific vulnerabilities that are being actively exploited in the wild, necessitating prompt patching and remediation by organizations, especially federal agencies. Defenders should prioritize these CVEs within their vulnerability management programs and be aware that these flaws represent significant attack vectors.