Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA KEV listing and FCEB ActiveMQ patch order

Public Sector Action
First reported
Last updated
Happening score
H score 70
1 unique sources, 2 articles

Summary

Hide ▲

CISA added CVE-2026-34197 to the KEV Catalog and ordered FCEB agencies to patch Apache ActiveMQ servers within two weeks. The directive sets a hard April 30 deadline under BOD 22-01. It matters because the flaw is actively exploited and affects widely exposed government infrastructure.

Related Happenings

CISA BOD 26-04 three-day remediation directive

Public Sector Action
H score36 First: 24.06.2026 17:35 Last: 24.06.2026 17:35 Sources 1

About this happening: CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...

Trump executive order sets federal PQC migration deadlines

Public Sector Action
H score23 First: 23.06.2026 18:16 Last: 23.06.2026 18:16 Sources 1

About this happening: President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...

CISA KEV remediation order for CVE-2026-48907

Public Sector Action
H score89 First: 17.06.2026 08:50 Last: 17.06.2026 08:50 Sources 1

About this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...

CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw

Public Sector Action
H score36 First: 16.06.2026 13:47 Last: 16.06.2026 13:47 Sources 1

About this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...

CISA orders FCEB Ivanti Sentry remediation under BOD 26-04

Public Sector Action
H score36 First: 12.06.2026 11:26 Last: 12.06.2026 11:26 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...

Timeline

  1. 17.04.2026 12:30 1 articles · 2mo ago

    Apache maintainers patch CVE-2026-34197 in ActiveMQ Classic

    Mitigation Patch Update

    Apache maintainers patched CVE-2026-34197 on March 30 in ActiveMQ Classic versions 6.2.3 and 5.19.4 after the flaw was found to stem from improper input validation that could let authenticated threat actors execute arbitrary code via injection attacks.

    Show sources
  2. 17.04.2026 12:30 2 articles · 2mo ago

    CISA adds CVE-2026-34197 to KEV and orders FCEB patching

    Legal Policy Action Update

    On April 17, CISA added CVE-2026-34197 to its Known Exploited Vulnerabilities (KEV) Catalog, warned that Apache ActiveMQ is actively exploited in attacks, and ordered Federal Civilian Executive Branch (FCEB) agencies to patch ActiveMQ servers within two weeks, by April 30, under Binding Operational Directive (BOD) 22-01.

    Show sources