CISA Adds Seven Known Exploited Vulnerabilities to Catalog

p CISA has added seven new vulnerabilities to its a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog" Known Exploited Vulnerabilities (KEV) Catalog /a , based on evidence of active exploitation. /p ul li a href="https://www.cve.org/CVERecord?id=CVE-2012-1854" target="_blank" CVE-2012-1854 /a Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability /li li a href="https://www.cve.org/CVERecord?id=CVE-2020-9715" target="_blank" CVE-2020-9715 /a Adobe Acrobat Use-After-Free Vulnerability /li li a href="https://www.cve.org/CVERecord?id=CVE-2023-21529" target="_blank" CVE-2023-21529 /a Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability /li li a href="https://www.cve.org/CVERecord?id=CVE-2023-36424" target="_blank" CVE-2023-36424 /a Microsoft Windows Out-of-Bounds Read Vulnerability /li li a href="https://www.cve.org/CVERecord?id=CVE-2025-60710" target="_blank" CVE-2025-60710 /a Microsoft Windows Link Following Vulnerability /li li a href="https://www.cve.org/CVERecord?id=CVE-2026-21643" target="_blank" CVE-2026-21643 /a Fortinet SQL Injection Vulnerability /li li a href="https://www.cve.org/CVERecord?id=CVE-2026-34621" target="_blank" CVE-2026-34621 /a Adobe Acrobat and Reader Prototype Pollution Vulnerability /li /ul p These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. /p p a href="https://www.cisa.gov/binding-operational-directive-22-01" Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities /a established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf" BOD 22-01 Fact Sheet /a for more information. /p p Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog" KEV Catalog vulnerabilities /a as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the a href="https://www.cisa.gov/known-exploited-vulnerabilities" data-entity-type="node" data-entity-uuid="f2adba9a-0404-494c-a90c-4363a4a