CISA

CISA Adds Four Known Exploited Vulnerabilities to Catalog

From Cybersecurity and Infrastructure Security Agency ↗

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability

CVE-2026-15410 SonicWall SMA1000 Appliances Code Injection Vulnerability

CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability

CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability

These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the...