CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability
CVE-2026-15410 SonicWall SMA1000 Appliances Code Injection Vulnerability
CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability
These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the...
Read the full advisory on CISA →