Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA orders FCEB GeoServer patching

Public Sector Action
First reported
Last updated
Happening score
H score 73
1 unique sources, 1 articles

Summary

Hide ▲

CISA added CVE-2025-58360 to its KEV Catalog and ordered FCEB agencies to patch GeoServer by January 1st, 2026, tightening federal exposure to an actively exploited flaw. The directive covers GeoServer 2.26.1 and prior versions, where an unauthenticated XXE issue can expose files and support attacks. CISA also urged defenders to patch as soon as possible and use vendor mitigations or stop using the product if mitigation is unavailable.

Related Happenings

CISA orders FCEB Ivanti Sentry remediation under BOD 26-04

Public Sector Action
H score36 First: 12.06.2026 11:26 Last: 12.06.2026 11:26 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...

CISA orders federal patching of Oracle WebLogic CVE-2024-21182

Public Sector Action
H score53 First: 02.06.2026 15:40 Last: 02.06.2026 15:40 Sources 1

About this happening: CISA ordered **federal agencies** to patch **Oracle WebLogic Server** against **CVE-2024-21182** by **June 4**, creating an immediate remediation deadline for affected government...

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
H score70 First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

CPanel security patch release for CVE-2026-41940

Security Patch Release
H score89 First: 29.04.2026 12:37 Last: 29.04.2026 12:37 Sources 1

About this happening: **cPanel** released **security updates** for **cPanel and WHM** after an **authentication bypass** flaw could let remote attackers reach control-panel access, with fixes now cover...

Latest development: 04.05.2026 22:14

CVE-2026-41940 in cPanel, WebHost Manager (WHM), and WP Squared was rapidly exploited after public disclosure, with Censys reporting attacks from multiple threat actors within 24 hours and about 15,000 potentially compromised instances in the first day. KnownHost said about 30 managed cPanel servers showed attempted exploitation, WatchTowr Labs published a PoC exploit and technical analysis, and Defused said much of the observed activity copied WatchTowr's PoC exactly.

CISA KEV directive for CVE-2026-20133

Public Sector Action
H score36 First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...

Timeline

  1. 12.12.2025 11:48 2 articles · 6mo ago

    CISA adds CVE-2025-58360 to KEV and orders GeoServer patching

    Legal Policy Action Update

    CISA added CVE-2025-58360 to its Known Exploited Vulnerabilities (KEV) Catalog, said the unauthenticated XML External Entity (XXE) flaw in GeoServer 2.26.1 and prior versions is actively exploited, and ordered Federal Civilian Executive Branch agencies to patch servers by January 1st, 2026 under Binding Operational Directive (BOD) 22-01. The same advisory urged defenders to prioritize patching as soon as possible, apply vendor mitigation guidance, or discontinue use of GeoServer if mitigations are unavailable; the flaw can be used to retrieve arbitrary files from vulnerable servers through the /geoserver/wms operation GetMap endpoint.

    Show sources