The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six new security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation and increasing risks to enterprise and government systems. The update underscores the urgency for organizations to address critical vulnerabilities that are being actively leveraged by threat actors.
The newly added vulnerabilities span multiple widely used platforms and software, including Fortinet, Microsoft, and Adobe systems. Among the most critical is CVE-2026-21643, a high-severity SQL injection flaw (CVSS score: 9.1) in Fortinet FortiClient EMS. The vulnerability allows unauthenticated attackers to execute unauthorized code or commands via specially crafted HTTP requests, posing significant risks to enterprise environments.
CISA’s KEV update also includes CVE-2020-9715, a use-after-free vulnerability in Adobe Acrobat Reader that can lead to remote code execution, and CVE-2023-36424, an out-of-bounds read flaw in the Microsoft Windows Common Log File System Driver that could enable privilege escalation. These vulnerabilities highlight persistent risks across both legacy and modern software environments.
Another critical addition is CVE-2023-21529, a deserialization vulnerability in Microsoft Exchange Server that allows authenticated attackers to achieve remote code execution. Microsoft recently disclosed that a threat actor identified as Storm-1175 has been actively exploiting this flaw to deploy Medusa ransomware, demonstrating its real-world impact on enterprise systems.
CISA also included CVE-2025-60710, an improper link resolution vulnerability in the Host Process for Windows Tasks that enables local privilege escalation, as well as CVE-2012-1854, an older insecure library loading flaw in Microsoft Visual Basic for Applications (VBA) that can still be exploited for remote code execution in targeted attacks.
The inclusion of CVE-2026-21643 follows confirmed exploitation attempts observed since March 24, 2026, indicating that attackers are actively targeting Fortinet environments. Meanwhile, Microsoft had previously acknowledged limited, targeted attacks exploiting CVE-2012-1854, although specific details about those attacks remain unclear.
Although some of these vulnerabilities are confirmed to be under active exploitation, there are currently no public reports of attacks leveraging the remaining flaws. However, their inclusion in the KEV catalog signals a high likelihood of exploitation and the need for immediate remediation.
In response to these developments, CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies apply the necessary patches and mitigations by April 27, 2026. The directive reflects the growing urgency to address known vulnerabilities before they can be widely weaponized.
The latest KEV update highlights the evolving threat landscape, where both newly discovered and legacy vulnerabilities continue to be exploited. For organizations, timely patching and proactive vulnerability management remain critical to defending against increasingly sophisticated cyber threats.
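For organizations that act on KEV updates like this one, the practical step is to match each new catalog entry against what is actually deployed and order the remediation work by due date and ransomware linkage. The following is an added example, not code from the article or from CISA: it parses a feed in the shape of CISA's public KEV JSON (field names cveID, vendorProject, product, dueDate and knownRansomwareCampaignUse are assumed from that feed), using a constructed sample built from the six CVEs named above and a hypothetical asset inventory.

```python
"""Triage KEV catalog entries against an asset inventory (added example)."""
import json
from datetime import date, datetime

# Constructed sample using the field names of CISA's public KEV JSON feed.
# CVE IDs, vendors, products, the April 27, 2026 deadline and the ransomware
# link for CVE-2023-21529 follow the article; everything else is illustrative.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2026-21643", "vendorProject": "Fortinet", "product": "FortiClient EMS",
     "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2020-9715", "vendorProject": "Adobe", "product": "Acrobat Reader",
     "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-36424", "vendorProject": "Microsoft", "product": "Windows",
     "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-21529", "vendorProject": "Microsoft", "product": "Exchange Server",
     "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2025-60710", "vendorProject": "Microsoft", "product": "Windows",
     "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2012-1854", "vendorProject": "Microsoft", "product": "Visual Basic for Applications",
     "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"},
]})

# Hypothetical asset inventory: lower-cased vendor -> set of deployed product names.
INVENTORY = {"fortinet": {"forticlient ems"}, "microsoft": {"exchange server", "windows"}}


def parse_kev(feed_text: str) -> list[dict]:
    """Parse the feed and convert each dueDate string to a date object."""
    entries = json.loads(feed_text)["vulnerabilities"]
    for entry in entries:
        entry["dueDate"] = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
    return entries


def in_inventory(entry: dict, inventory: dict[str, set[str]]) -> bool:
    """Case-insensitive match of the entry's vendor and product against the inventory."""
    products = inventory.get(entry["vendorProject"].lower(), set())
    return entry["product"].lower() in products


def triage(feed_text: str, inventory: dict[str, set[str]], today: date) -> list[tuple[str, int]]:
    """Return (cveID, days until due) for deployed products; ransomware-linked and soonest-due first."""
    hits = [e for e in parse_kev(feed_text) if in_inventory(e, inventory)]
    hits.sort(key=lambda e: (e["knownRansomwareCampaignUse"] != "Known", e["dueDate"], e["cveID"]))
    return [(e["cveID"], (e["dueDate"] - today).days) for e in hits]


if __name__ == "__main__":
    for cve, days in triage(KEV_FEED, INVENTORY, date(2026, 4, 10)):
        print(f"{cve}: {days} days until KEV due date")
```

Entries for products absent from the inventory (here Acrobat Reader and VBA) are dropped, and a negative day count flags an entry whose due date has already passed.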