CISA KEV listing and federal deadline for React2Shell
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2025-55182 to the KEV catalog after reports of active exploitation of React Server Components. The listing turns the React2Shell flaw into a federal remediation priority for Federal Civilian Executive Branch agencies. Under BOD 22-01, affected agencies must apply the required updates by December 26, 2025.
Related Happenings
CISA KEV order for Copy Fail on federal Linux devices
Public Sector Action
First: 08.05.2026 10:45
Last: 08.05.2026 10:45
Sources 1
About this happening:
**CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
CISA KEV order for Copy Fail on federal Linux devices
Public Sector ActionAbout this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector Action
First: 03.05.2026 09:26
Last: 03.05.2026 09:26
Sources 1
About this happening:
CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector ActionAbout this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
CISA KEV listing and FCEB ActiveMQ patch order
Public Sector Action
First: 17.04.2026 12:30
Last: 17.04.2026 12:30
Sources 1
About this happening:
**CISA** added **CVE-2026-34197** to the **KEV Catalog** and ordered **FCEB** agencies to patch **Apache ActiveMQ** servers within **two weeks**. The directive sets a hard **April...
CISA KEV listing and FCEB ActiveMQ patch order
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-34197** to the **KEV Catalog** and ordered **FCEB** agencies to patch **Apache ActiveMQ** servers within **two weeks**. The directive sets a hard **April...
CISA adds CVE-2026-33634 to KEV and orders FCEB mitigations
Public Sector Action
First: 13.04.2026 09:50
Last: 13.04.2026 09:50
Sources 1
About this happening:
**CISA** added **CVE-2026-33634** to its **Known Exploited Vulnerabilities (KEV) catalog**, requiring **Federal Civilian Executive Branch (FCEB)** agencies to apply mitigations by...
CISA adds CVE-2026-33634 to KEV and orders FCEB mitigations
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-33634** to its **Known Exploited Vulnerabilities (KEV) catalog**, requiring **Federal Civilian Executive Branch (FCEB)** agencies to apply mitigations by...
CISA KEV listing and FCEB patch order for Ivanti EPMM
Public Sector Action
First: 08.04.2026 21:15
Last: 08.04.2026 21:15
Sources 1
About this happening:
**CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...
CISA KEV listing and FCEB patch order for Ivanti EPMM
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...
Timeline
-
06.12.2025 13:40 2 articles · 5mo ago
CISA adds React2Shell to KEV with federal remediation deadline
Legal Policy Action UpdateCISA added CVE-2025-55182, also tracked as React2Shell, to the Known Exploited Vulnerabilities catalog after reports of active exploitation against React Server Components and related React server-component libraries. Under Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies must apply the required updates by December 26, 2025, while affected downstream frameworks include Next.js, React Router, Waku, Parcel, Vite, and RedwoodSDK.
Show sources
- Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation — thehackernews.com — 06.12.2025 13:40
- Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation — thehackernews.com — 06.12.2025 13:40