Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA KEV remediation order for CVE-2024-1086

Public Sector Action
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

CISA added CVE-2024-1086 to the Known Exploited Vulnerabilities (KEV) catalog and ordered federal agencies to secure their systems by June 20, 2024, forcing urgent remediation of an actively exploited Linux kernel flaw. The directive covers a privilege-escalation weakness that can yield root-level access on affected systems. The action raises the urgency for federal defenders because exploitation is already tied to ransomware attacks.

Related Happenings

Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)

Vulnerability
H score30 First: 26.06.2026 16:00 Last: 26.06.2026 16:00 Sources 1

About this happening: A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...

Linux kernel DirtyClone privilege escalation (CVE-2026-43503)

Vulnerability
H score29 First: 26.06.2026 14:51 Last: 26.06.2026 14:51 Sources 1

About this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...

Linux kernel maintainers security patch release for CVE-2026-43503

Security Patch Release
H score34 First: 26.06.2026 14:51 Last: 26.06.2026 14:51 Sources 1

About this happening: **Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...

CISA adds CVE-2026-20262 to KEV and orders federal fixes

Public Sector Action
H score32 First: 16.06.2026 09:05 Last: 16.06.2026 09:05 Sources 1

About this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...

CISA KEV update and FCEB remediation deadline

Public Sector Action
H score33 First: 10.06.2026 17:44 Last: 10.06.2026 17:44 Sources 1

About this happening: **CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...

Timeline

  1. 31.10.2025 15:05 2 articles · 8mo ago

    CISA orders federal agencies to secure systems against CVE-2024-1086 by June 20, 2024

    Legal Policy Action Update

    CISA added CVE-2024-1086, a Linux kernel use-after-free flaw in netfilter: nf_tables, to its Known Exploited Vulnerabilities (KEV) catalog in May 2024 and directed federal agencies to secure their systems by June 20, 2024 because the flaw was being used in ransomware attacks.

    Show sources
  2. 31.10.2025 15:05 1 articles · 8mo ago

    CISA confirms CVE-2024-1086 is being exploited in ransomware attacks

    Initial Disclosure

    CISA confirmed that CVE-2024-1086, a high-severity Linux kernel privilege-escalation flaw, is now being exploited in ransomware attacks, meaning local attackers can potentially gain root-level access on affected systems.

    Show sources