Home/News/CISA Adds 4 Exploited Vulnerabilities to KEV Catalog
The Hacker News2 min read

CISA Adds 4 Exploited Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday, citing evidence of active exploitation. These vulnerabilities are now subject to mandatory patching for federal agencies.

The newly added vulnerabilities include CVE-2026-48282, a critical path traversal flaw in Adobe ColdFusion with a CVSS score of 10.0, which could permit arbitrary code execution. Also included is CVE-2024-21694, a remote code execution vulnerability in Langflow, a popular open-source framework for building LLM applications. This flaw allows unauthenticated attackers to execute arbitrary code on the server.

Two additional vulnerabilities affecting Joomla, a widely used content management system, were also added. CVE-2024-21693, a SQL injection vulnerability, and CVE-2024-21692, an information disclosure vulnerability, are both rated with high severity. The inclusion of these flaws in the KEV catalog mandates that federal civilian executive branch agencies implement protective measures by specific deadlines.

CISA's KEV catalog serves as a critical resource for identifying and prioritizing the remediation of cybersecurity threats that pose the most significant risks to government networks and critical infrastructure. The agency continuously monitors threat intelligence to identify vulnerabilities that are being actively exploited in the wild, ensuring that organizations can proactively defend against ongoing attacks.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Read next