CISA

CISA Adds Three Known Exploited Vulnerabilities to Catalog

From Cybersecurity and Infrastructure Security Agency ↗

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2026-25089 Fortinet FortiSandbox OS Command Injection Vulnerability  

CVE-2026-39808 Fortinet FortiSandbox OS Command Injection Vulnerability  

CVE-2026-58644 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vuln...