CISA adds four actively exploited flaws to KEV with FCEB deadlines
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added four vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, putting FCEB agencies on a forced remediation track. The update sets a February 15, 2026 deadline for CVE-2025-40536 and a March 5, 2026 deadline for the other three flaws. The move formalizes federal prioritization of bugs already being used in the wild.
Related Happenings
BeyondTrust Remote Support and Privileged Remote Access critical fixes
Security Patch Release
H score38
First: 07.07.2026 08:16
Last: 07.07.2026 08:16
Sources 1
About this happening:
**BeyondTrust** released **RS 25.3.3** and **PRA 25.3.3** to fix **four critical vulnerabilities** in its remote-access appliances, including **pre-authentication access-control b...
BeyondTrust Remote Support and Privileged Remote Access critical fixes
Security Patch ReleaseAbout this happening: **BeyondTrust** released **RS 25.3.3** and **PRA 25.3.3** to fix **four critical vulnerabilities** in its remote-access appliances, including **pre-authentication access-control b...
Ubiquiti UniFi OS actively exploited access control bypass, traversal, and RCE flaws (multiple vulnerabilities)
Vulnerability
H score43
First: 24.06.2026 17:35
Last: 24.06.2026 17:35
Sources 1
About this happening:
**Ubiquiti UniFi OS** now has **three actively exploited CVEs** that can let attackers make unauthorized changes, expose sensitive files, and reach **remote code execution** on vu...
Ubiquiti UniFi OS actively exploited access control bypass, traversal, and RCE flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: **Ubiquiti UniFi OS** now has **three actively exploited CVEs** that can let attackers make unauthorized changes, expose sensitive files, and reach **remote code execution** on vu...
CI/CD pull-request privilege-escalation flaw (Cordyceps)
Vulnerability
H score32
First: 24.06.2026 15:48
Last: 24.06.2026 15:48
Sources 1
About this happening:
**Cordyceps** exposed a **CI/CD workflow privilege-escalation flaw** in **pull-request automation** that let **unauthenticated users** hijack privileged workflows and reach open-s...
CI/CD pull-request privilege-escalation flaw (Cordyceps)
VulnerabilityAbout this happening: **Cordyceps** exposed a **CI/CD workflow privilege-escalation flaw** in **pull-request automation** that let **unauthenticated users** hijack privileged workflows and reach open-s...
CISA KEV remediation order for CVE-2026-48907
Public Sector Action
H score89
First: 17.06.2026 08:50
Last: 17.06.2026 08:50
Sources 1
About this happening:
CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV remediation order for CVE-2026-48907
Public Sector ActionAbout this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector Action
H score36
First: 16.06.2026 13:47
Last: 16.06.2026 13:47
Sources 1
About this happening:
**CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector ActionAbout this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
Timeline
-
13.02.2026 10:34 2 articles · 4mo ago
CISA adds four flaws to KEV catalog
Legal Policy Action UpdateCISA adds CVE-2026-20700, CVE-2025-15556, CVE-2025-40536, and CVE-2024-43468 to the Known Exploited Vulnerabilities catalog, directing Federal Civilian Executive Branch agencies to remediate CVE-2025-40536 by February 15, 2026 and the remaining three by March 5, 2026.
Show sources
- Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability — thehackernews.com — 13.02.2026 10:34
- CISA flags critical Microsoft SCCM flaw as exploited in attacks — www.bleepingcomputer.com — 13.02.2026 14:35