CISA Adds Seven Known Exploited Vulnerabilities to Catalog
Strategische Zusammenfassung
CISA's catalog indicates these vulnerabilities are actively exploited in the wild, elevating them from theoretical to immediate threats requiring prioritized remediation.
Volltext
Title: CISA Adds Seven Known Exploited Vulnerabilities to Catalog | CISA
URL Source: https://www.cisa.gov/news-events/alerts/2026/04/13/cisa-adds-seven-known-exploited-vulnerabilities-catalog
Markdown Content: # CISA Adds Seven Known Exploited Vulnerabilities to Catalog | CISA
[Skip to main content](https://www.cisa.gov/news-events/alerts/2026/04/13/cisa-adds-seven-known-exploited-vulnerabilities-catalog#main)
An official website of the United States government
Here’s how you know
Here’s how you know
**Official websites use .gov**
A **.gov** website belongs to an official government organization in the United States.
**Secure .gov websites use HTTPS**
A **lock** () or **https://** means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
**Due to the lapse in federal funding, this website will not be actively managed.**[**Read More**](https://go.dhs.gov/lapse-2026)
[no-cost Cyber Services](https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools "Free Cyber Services")[Secure by design](https://www.cisa.gov/securebydesign)[Secure Your Business](https://www.cisa.gov/secureyourbusiness)[Shields Up](https://www.cisa.gov/node/8056)[Report A Cyber Issue](https://www.cisa.gov/report)
[](https://www.cisa.gov/)
[](https://www.cisa.gov/)
Search
[×](javascript:void(0) "Clear search box")
Menu
Close
[×](javascript:void(0) "Clear search box")
* Topics[Topics](https://www.cisa.gov/topics) [Cybersecurity Best Practices](https://www.cisa.gov/topics/cybersecurity-best-practices) [Cyber Threats and Response](https://www.cisa.gov/topics/cyber-threats-and-response) [Critical Infrastructure Security and Resilience](https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience) [Election Security](https://www.cisa.gov/topics/election-security) [Emergency Communications](https://www.cisa.gov/topics/emergency-communications) [Industrial Control Systems](https://www.cisa.gov/topics/industrial-control-systems) [Information and Communications Technology Supply Chain Security](https://www.cisa.gov/topics/information-communications-technology-supply-chain-security) [Partnerships and Collaboration](https://www.cisa.gov/topics/partnerships-and-collaboration) [Physical Security](https://www.cisa.gov/topics/physical-security) [Risk Management](https://www.cisa.gov/topics/risk-management) [How can we help?](https://www.cisa.gov/audiences) [Government](https://www.cisa.gov/topics/government)[Educational […]
[… 3,832 Zeichen — nächste Zone: keyword-dense paragraphs …]
* [CVE-2012-1854](https://www.cve.org/CVERecord?id=CVE-2012-1854 "(opens in a new window)") Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability * [CVE-2020-9715](https://www.cve.org/CVERecord?id=CVE-2020-9715 "(opens in a new window)") Adobe Acrobat Use-After-Free Vulnerability * [CVE-2023-21529](https://www.cve.org/CVERecord?id=CVE-2023-21529 "(opens in a new window)") Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability * [CVE-2023-36424](https://www.cve.org/CVERecord?id=CVE-2023-36424 "(opens in a new window)") Microsoft Windows Out-of-Bounds Read Vulnerability * [CVE-2025-60710](https://www.cve.org/CVERecord?id=CVE-2025-60710 "(opens in a new window)") Microsoft Windows Link Following Vulnerability * [CVE-2026-21643](https://www.cve.org/CVERecord?id=CVE-2026-21643 "(opens in a new window)") Fortinet SQL Injection Vulnerability * [CVE-2026-34621](https://www.cve.org/CVERecord?id=CVE-2026-34621 "(opens in a new window)") Adobe Acrobat and Reader Prototype Pollution Vulnerability
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of [KEV Catalog vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog "Known Exploited Vulnerabilities Catalog") as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the [specified criteria](https://www.cisa.gov/known-exploited-vulnerabilities "Reducing the Significant Risk of Known Exploited Vulnerabilities").
CISA has added seven new vulnerabilities to its [Known Exploited Vulnerabilities (KEV) Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog "Known Exploited Vulnerabilities Catalog"), based on evidence of active exploitation.
[Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities](https://www.cisa.gov/binding-operational-directive-22-01) established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats.
1. [Home](https://www.cisa.gov/) 2.
[](h […]
[… 3,365 Zeichen — nächste Zone: tail …]
[Return to top](https://www.cisa.gov/news-events/alerts/2026/04/13/cisa-adds-seven-known-exploited-vulnerabilities-catalog#top)
* [Topics](https://www.cisa.gov/topics) * [Spotlight](https://www.cisa.gov/spotlight) * [Resources & Tools](https://www.cisa.gov/resources-tools) * [News & Events](https://www.cisa.gov/news-events) * [Careers](https://www.cisa.gov/careers) * [About](https://www.cisa.gov/about)
[Cybersecurity & Infrastructure Security Agency](https://www.cisa.gov/ "Go to the Cybersecurity & Infrastructure Security Agency homepage")
* [Facebook](https://www.facebook.com/CISA) * [X](https://x.com/CISAgov) * [LinkedIn](https://www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency) * [YouTube](https://www.youtube.com/@cisagov) * [Instagram](https://www.instagram.com/cisagov) * [RSS](https://www.cisa.gov/subscribe-updates-cisa)
CISA Central[1-844-Say-CISA](tel:1-844-Say-CISA)[contact@cisa.dhs.gov](mailto:contact@cisa.dhs.gov)
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
* [About CISA](https://www.cisa.gov/about "About CISA") * [Budget and Performance](https://www.dhs.gov/performance-financial-reports "Budget and Performance") * [DHS.gov](https://www.dhs.gov/ "Department of Homeland Security") * [FOIA Requests](https://www.dhs.gov/foia "FOIA Requests") * [No FEAR Act](https://www.cisa.gov/no-fear-act "No FEAR Act Reporting") * [Office of Inspector General](https://www.oig.dhs.gov/ "Office of Inspector General") * [Privacy Policy](https://www.cisa.gov/privacy-policy "Privacy Policy") * [Subscribe](https://public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138 "Subscribe to Email Updates") * [The White House](https://www.whitehouse.gov/ "The White House") * [USA.gov](https://www.usa.gov/ "USA.gov") * [Website Feedback](https://www.cisa.gov/forms/feedback "Website Feedback")
Give Feedback