CISA expands KEV catalog and sets February 16 remediation deadline
Public Sector Action
Summary
Hide ▲
Show ▼
CISA expanded the KEV catalog with five flaws and told federal agencies to fix them by February 16, tightening remediation pressure for vulnerabilities already tied to exploitation. The update included two SmarterMail bugs reported as exploited last week and a Microsoft Office zero-day. It matters because the KEV list is a federal mechanism for driving urgent patching of known-abused weaknesses.
Related Happenings
CERT-In 12-hour KEV remediation guidance
Advisory/Mitigation
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
About this happening:
CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CERT-In 12-hour KEV remediation guidance
Advisory/MitigationAbout this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector Action
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
About this happening:
**CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...
CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector ActionAbout this happening: **CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...
CISA orders FCEB patching for CVE-2026-9082
Public Sector Action
First: 26.05.2026 11:46
Last: 26.05.2026 11:46
Sources 1
About this happening:
**CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...
CISA orders FCEB patching for CVE-2026-9082
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...
CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182
Public Sector Action
First: 15.05.2026 08:28
Last: 15.05.2026 08:28
Sources 1
About this happening:
**CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...
CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...
CISA emergency patch deadline for Ivanti EPMM
Public Sector Action
First: 08.05.2026 15:16
Last: 08.05.2026 15:16
Sources 1
About this happening:
CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
CISA emergency patch deadline for Ivanti EPMM
Public Sector ActionAbout this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
Timeline
-
27.01.2026 12:37 2 articles · 4mo ago
CISA expands KEV catalog with five flaws and February 16 deadline
Legal Policy Action UpdateCISA expanded the Known Exploited Vulnerabilities (KEV) catalog with five flaws, including CVE-2026-24061 in GNU Inetutils, CVE-2018-14634 in the Linux kernel, two SmarterMail bugs, and a Microsoft Office zero-day, and urged federal agencies to address all five bugs by February 16.
Show sources
- Organizations Warned of Exploited Linux Vulnerabilities — www.securityweek.com — 27.01.2026 12:37
- Organizations Warned of Exploited Linux Vulnerabilities — www.securityweek.com — 27.01.2026 12:37