The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog by adding six new security vulnerabilities. This update, announced on Monday, highlights evidence of active exploitation and urges relevant agencies to address these issues promptly.
Details on Newly Added Vulnerabilities
The vulnerabilities, affecting software from Fortinet, Microsoft, and Adobe, present significant risks. Among them is CVE-2026-21643, a severe SQL injection flaw in Fortinet FortiClient EMS with a CVSS score of 9.1. This vulnerability allows unauthorized code execution through crafted HTTP requests.
Adobe Acrobat Reader is impacted by CVE-2020-9715, a use-after-free vulnerability permitting remote code execution. Microsoft software is affected by several vulnerabilities: CVE-2023-36424 in Windows Common Log File System Driver, leading to privilege escalation, and CVE-2023-21529, a deserialization issue in Exchange Server that can enable remote code execution by authenticated users.
Additionally, CVE-2025-60710 involves an improper link resolution in Windows Tasks, which can elevate local privileges, while CVE-2012-1854 in Visual Basic for Applications poses a risk of remote code execution due to insecure library loading.
Evidence of Active Exploitation
Defused Cyber reported attempts to exploit CVE-2026-21643 beginning March 24, 2026. Meanwhile, Microsoft disclosed that the threat actor Storm-1175 is leveraging CVE-2023-21529 to deploy Medusa ransomware. Historical advisories from Microsoft, dating back to July 2012, noted limited attacks utilizing CVE-2012-1854, though details remain sparse.
No public records currently indicate the exploitation of the other listed vulnerabilities. However, the active exploitation of some flaws underscores the urgency of applying security patches.
Mandated Actions for Federal Agencies
In response to these threats, Federal Civilian Executive Branch (FCEB) agencies are mandated to implement the necessary patches by April 27, 2026. This directive aims to mitigate potential risks associated with these vulnerabilities.
The update to the KEV catalog serves as a crucial reminder of the evolving landscape of cybersecurity threats. Continuous vigilance and timely action are essential to safeguard systems from exploitation.
As software vulnerabilities continue to pose significant security challenges, agencies and organizations must prioritize patch management and system updates to protect their infrastructure.
