
CISA orders FCEB GeoServer patching

Public Sector Action
Happening score: 52
1 unique source, 1 article

Summary


CISA added CVE-2025-58360 to its KEV Catalog and ordered FCEB agencies to patch GeoServer by January 1st, 2026, tightening federal exposure to an actively exploited flaw. The flaw affects GeoServer 2.26.1 and prior versions, where an unauthenticated XXE issue can expose files on the server and support further attacks. CISA also urged defenders to patch as soon as possible and to apply vendor mitigations, or to stop using the product if no mitigation is available.

Related Happenings

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

CPanel security patch release for CVE-2026-41940

Security Patch Release
First: 29.04.2026 12:37 Last: 29.04.2026 12:37 Sources 1

About this happening: **cPanel** released **security updates** for **cPanel and WHM** after an **authentication bypass** flaw could let remote attackers reach control-panel access, with fixes now cover...

Latest development: 04.05.2026 22:14

CVE-2026-41940 in cPanel, WebHost Manager (WHM), and WP Squared was rapidly exploited after public disclosure, with Censys reporting attacks from multiple threat actors within 24 hours and about 15,000 potentially compromised instances in the first day. KnownHost said about 30 managed cPanel servers showed attempted exploitation, WatchTowr Labs published a PoC exploit and technical analysis, and Defused said much of the observed activity copied WatchTowr's PoC exactly.

CISA KEV directive for CVE-2026-20133

Public Sector Action
First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...

CISA Apache ActiveMQ CVE-2026-34197 mitigation order

Advisory/Mitigation
First: 21.04.2026 14:17 Last: 21.04.2026 14:17 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to secure **Apache ActiveMQ** servers by **April 30** after **CVE-2026-34197** was confirmed **actively exploited**. The flaw can allow **arbitr...

CISA KEV listing and FCEB ActiveMQ patch order

Public Sector Action
First: 17.04.2026 12:30 Last: 17.04.2026 12:30 Sources 1

About this happening: **CISA** added **CVE-2026-34197** to the **KEV Catalog** and ordered **FCEB** agencies to patch **Apache ActiveMQ** servers within **two weeks**. The directive sets a hard **April...

Timeline

  1. 12.12.2025 11:48 · 2 articles

    CISA adds CVE-2025-58360 to KEV and orders GeoServer patching

    Legal Policy Action Update

    CISA added CVE-2025-58360 to its Known Exploited Vulnerabilities (KEV) Catalog, stated that the unauthenticated XML External Entity (XXE) flaw in GeoServer 2.26.1 and prior versions is actively exploited, and ordered Federal Civilian Executive Branch agencies to patch their servers by January 1st, 2026 under Binding Operational Directive (BOD) 22-01. The same advisory urged defenders to prioritize patching as soon as possible, apply vendor mitigation guidance, or discontinue use of GeoServer if mitigations are unavailable. The flaw can be used to retrieve arbitrary files from vulnerable servers through the GetMap operation of the /geoserver/wms endpoint.
