
CISA FortiWeb remediation order for FCEB agencies

Public Sector Action
H score 43
1 unique source, 1 article

Summary


CISA ordered U.S. federal civilian agencies to secure FortiWeb within one week after the flaw was exploited in zero-day attacks, sharply raising the urgency for federal remediation. The directive covers CVE-2025-58034, an OS command injection issue that can enable unauthorized code execution through crafted HTTP requests or CLI commands. CISA also added the flaw to its Known Exploited Vulnerabilities Catalog under BOD 22-01, setting a deadline of Tuesday, November 25th.

Related Happenings

Pretalx stored XSS (CVE-2026-41241)

Vulnerability
First: 27.05.2026 17:30 Last: 27.05.2026 17:30 Sources 1

About this happening: A high-severity **stored XSS** in **Pretalx** tracked as **CVE-2026-41241** let registered speakers inject code that could run when an organizer searched a submission, creating **...

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)

Vulnerability
First: 22.05.2026 08:47 Last: 22.05.2026 08:47 Sources 1

About this happening: **CISA** added **CVE-2025-34291** in **Langflow** and **CVE-2026-34926** in **Trend Micro Apex One** to the **KEV catalog** after evidence of **active exploitation**. The Langflow...

CISA KEV directive for CVE-2026-20133

Public Sector Action
First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...

CISA KEV listing and FCEB patch order for Ivanti EPMM

Public Sector Action
First: 08.04.2026 21:15 Last: 08.04.2026 21:15 Sources 1

About this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...

Timeline

  1. 19.11.2025 15:44 2 articles · 6mo ago

    CISA orders FortiWeb remediation for CVE-2025-58034

    Legal Policy Action Update

    CISA ordered U.S. federal civilian agencies to secure Fortinet FortiWeb against CVE-2025-58034 within one week after the flaw was used in zero-day attacks, and added the vulnerability to the Known Exploited Vulnerabilities Catalog under BOD 22-01 with a Tuesday, November 25th deadline. CVE-2025-58034 is an OS command injection issue that can allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands, and CISA also cited CVE-2025-64446 as another FortiWeb flaw under recent and ongoing exploitation.
