CISA

CISA Adds Three Known Exploited Vulnerabilities to Catalog

From Cybersecurity and Infrastructure Security Agency ↗

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability

CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability  

CVE-2026-56290 Joomlack Page Builder Improper Access Control Vulnerability

These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifi...