Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA KEV listing and FCEB ActiveMQ patch order

Public Sector Action
First reported
Last updated
Happening score
H score 42
1 unique sources, 2 articles

Summary

Hide ▲

CISA added CVE-2026-34197 to the KEV Catalog and ordered FCEB agencies to patch Apache ActiveMQ servers within two weeks. The directive sets a hard April 30 deadline under BOD 22-01. It matters because the flaw is actively exploited and affects widely exposed government infrastructure.

Related Happenings

CISA emergency patch deadline for Ivanti EPMM

Public Sector Action
First: 08.05.2026 15:16 Last: 08.05.2026 15:16 Sources 1

About this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....

Open Happening

CISA KEV order for Copy Fail on federal Linux devices

Public Sector Action
First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...

Open Happening

CISA KEV listing and FCEB firewall directive for CVE-2026-0300

Public Sector Action
First: 07.05.2026 13:57 Last: 07.05.2026 13:57 Sources 1

About this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...

Open Happening

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
First: 03.05.2026 09:26 Last: 03.05.2026 09:26 Sources 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

Open Happening

CISA adds ScreenConnect and Windows flaws to KEV

Public Sector Action
First: 29.04.2026 11:46 Last: 29.04.2026 11:46 Sources 1

About this happening: CISA added **CVE-2024-1708** and **CVE-2026-32202** to the **KEV catalog**, elevating the flaws to a **federal remediation priority** because they are being **actively exploited**...

Open Happening

Timeline

  1. 17.04.2026 12:30 1 articles · 1mo ago

    Apache maintainers patch CVE-2026-34197 in ActiveMQ Classic

    Mitigation Patch Update

    Apache maintainers patched CVE-2026-34197 on March 30 in ActiveMQ Classic versions 6.2.3 and 5.19.4 after the flaw was found to stem from improper input validation that could let authenticated threat actors execute arbitrary code via injection attacks.

    Show sources
    Open in new tab
  2. 17.04.2026 12:30 2 articles · 1mo ago

    CISA adds CVE-2026-34197 to KEV and orders FCEB patching

    Legal Policy Action Update

    On April 17, CISA added CVE-2026-34197 to its Known Exploited Vulnerabilities (KEV) Catalog, warned that Apache ActiveMQ is actively exploited in attacks, and ordered Federal Civilian Executive Branch (FCEB) agencies to patch ActiveMQ servers within two weeks, by April 30, under Binding Operational Directive (BOD) 22-01.

    Show sources
    Open in new tab