CISA KEV remediation deadline for CVE-2026-22719
Public Sector Action
Summary
Hide ▲
Show ▼
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-22719 to the Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply fixes by March 24, 2026. The action turns an actively exploited flaw into a mandatory federal remediation priority. It raises urgency for agencies using Broadcom VMware Aria Operations and related VMware products.
Related Happenings
CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182
Public Sector Action
First: 15.05.2026 08:28
Last: 15.05.2026 08:28
Sources 1
About this happening:
**CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...
CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...
CISA KEV listing and FCEB firewall directive for CVE-2026-0300
Public Sector Action
First: 07.05.2026 13:57
Last: 07.05.2026 13:57
Sources 1
About this happening:
**CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...
CISA KEV listing and FCEB firewall directive for CVE-2026-0300
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector Action
First: 03.05.2026 09:26
Last: 03.05.2026 09:26
Sources 1
About this happening:
CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector ActionAbout this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
CISA adds ScreenConnect and Windows flaws to KEV
Public Sector Action
First: 29.04.2026 11:46
Last: 29.04.2026 11:46
Sources 1
About this happening:
CISA added **CVE-2024-1708** and **CVE-2026-32202** to the **KEV catalog**, elevating the flaws to a **federal remediation priority** because they are being **actively exploited**...
CISA adds ScreenConnect and Windows flaws to KEV
Public Sector ActionAbout this happening: CISA added **CVE-2024-1708** and **CVE-2026-32202** to the **KEV catalog**, elevating the flaws to a **federal remediation priority** because they are being **actively exploited**...
FIRESTARTER malware on Cisco ASA and FTD devices
Malware Activity
First: 23.04.2026 15:00
Last: 23.04.2026 15:00
Sources 1
About this happening:
CISA has published analysis of **FIRESTARTER**, a malware strain that enables **remote access and control** on **Cisco Firepower** and **Secure Firewall** devices, raising the ris...
FIRESTARTER malware on Cisco ASA and FTD devices
Malware ActivityAbout this happening: CISA has published analysis of **FIRESTARTER**, a malware strain that enables **remote access and control** on **Cisco Firepower** and **Secure Firewall** devices, raising the ris...
Latest development: 24.04.2026 23:34
CISA, NCSC-UK, and Cisco detailed Firestarter persistence on Cisco Firepower and Secure Firewall devices running ASA or FTD software, attributing the backdoor to UAT-4356 and linking the activity to ArcaneDoor. The malware modifies CSP_MOUNT_LIST, stores a copy in /opt/cisco/platform/logs/var/log/svc_samcore.log, restores itself to /usr/bin/lina_cs, and relaunches after termination or reboot; Cisco recommends reimaging and upgrading to fixed releases, or using a cold restart only if reimaging is not possible.
Timeline
-
04.03.2026 06:35 2 articles · 2mo ago
CISA adds CVE-2026-22719 to KEV catalog
Legal Policy Action UpdateCISA added CVE-2026-22719 in Broadcom VMware Aria Operations to the Known Exploited Vulnerabilities catalog after citing active exploitation in the wild; the command injection flaw can let an unauthenticated attacker execute arbitrary commands and potentially reach remote code execution during support-assisted product migration.
Show sources
- CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog — thehackernews.com — 04.03.2026 06:35
- CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog — thehackernews.com — 04.03.2026 06:35
-
04.03.2026 06:35 1 articles · 2mo ago
FCEB agencies face March 24, 2026 remediation deadline
Legal Policy Action UpdateFederal Civilian Executive Branch agencies must apply fixes for VMware Aria Operations, VMware Cloud Foundation and VMware vSphere Foundation by March 24, 2026, and customers unable to patch immediately can use the `aria-ops-rce-workaround.sh` shell script as root from each Aria Operations Virtual Appliance node; Broadcom also addressed CVE-2026-22720 and CVE-2026-22721.
Show sources
- CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog — thehackernews.com — 04.03.2026 06:35