CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation

A

Admin User

Administrator of InfoSecCenter. Passionate about cybersecurity, information security, and technology.

Save

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently expanded its Known Exploited Vulnerabilities (KEV) catalog with three critical vulnerabilities, signaling to security professionals that active exploitation has been detected in the wild. This urgent addition underscores the growing threats facing enterprise infrastructure and highlights the importance of timely patching in cybersecurity defense strategies.

The agency's action follows confirmed reports of active exploitation of vulnerabilities affecting products from Cisco, Google Chrome, and Arista Networks. Among the newly cataloged flaws is CVE-2026-20245, which impacts Cisco Catalyst SD-WAN Manager with a CVSS score of 7.8. This particular vulnerability stems from improper encoding or escaping of output, potentially allowing malicious actors to execute unauthorized actions. While details regarding the specific Chrome and Arista vulnerabilities were limited at the time of this reporting, their inclusion in the KEV catalog indicates similar severity levels and confirmed exploitation.

Organizations utilizing any of these affected products face immediate risk, as threat actors actively target these vulnerabilities to compromise systems. The addition to the KEV catalog represents a clear directive from CISA that federal agencies must address these security gaps according to binding operational directives, while private sector organizations should treat

Share

Shares: 0
LinkedIn WhatsApp Pinterest Print

You might also like

Comments (0)

Leave a Comment

No comments yet. Be the first to comment!