CISA 2026-04-14

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Machine-generated analysis · WAYSCloud LLM

CVE-2009-0238, a remote code execution vulnerability in Microsoft Office, has been added to the KEV Catalog despite its 2009 publication date, indicating ongoing exploitation potential.

Context

Microsoft Office is a productivity software suite used for document creation and management. The advisory states that CVE-2009-0238 allows remote code execution, and CVE-2026-32201 is an improper input validation vulnerability in Microsoft SharePoint Server. Both vulnerabilities are being actively exploited, as confirmed by their inclusion in the KEV Catalog. Worth noting is that CVE-2009-0238 remains exploitable nearly two decades after initial disclosure.

Operator considerations

Check: Microsoft Office and SharePoint Server instances for exposure to CVE-2009-0238 and CVE-2026-32201

From Cybersecurity and Infrastructure Security Agency ↗

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2009-0238 Microsoft Office Remote Code Execution Vulnerability

CVE-2026-32201 Microsoft SharePoint Server Improper Input Validation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for...

Read the full advisory on CISA →