Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA adds four actively exploited flaws to KEV with FCEB deadlines

Public Sector Action
First reported
Last updated
Happening score
H score 51
2 unique sources, 2 articles

Summary

Hide ▲

CISA added four vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, putting FCEB agencies on a forced remediation track. The update sets a February 15, 2026 deadline for CVE-2025-40536 and a March 5, 2026 deadline for the other three flaws. The move formalizes federal prioritization of bugs already being used in the wild.

Related Happenings

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

Open Happening

CERT-In issues 12-hour patch guidance for Indian organizations

Public Sector Action
First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: **CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...

Open Happening

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

Open Happening

Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)

Vulnerability
First: 22.05.2026 08:47 Last: 22.05.2026 08:47 Sources 1

About this happening: **CISA** added **CVE-2025-34291** in **Langflow** and **CVE-2026-34926** in **Trend Micro Apex One** to the **KEV catalog** after evidence of **active exploitation**. The Langflow...

Open Happening

CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182

Public Sector Action
First: 15.05.2026 08:28 Last: 15.05.2026 08:28 Sources 1

About this happening: **CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...

Open Happening

Timeline

  1. 13.02.2026 10:34 2 articles · 3mo ago

    CISA adds four flaws to KEV catalog

    Legal Policy Action Update

    CISA adds CVE-2026-20700, CVE-2025-15556, CVE-2025-40536, and CVE-2024-43468 to the Known Exploited Vulnerabilities catalog, directing Federal Civilian Executive Branch agencies to remediate CVE-2025-40536 by February 15, 2026 and the remaining three by March 5, 2026.

    Show sources
    Open in new tab