CISA KEV listing and FCEB ActiveMQ patch order
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2026-34197 to the KEV Catalog and ordered FCEB agencies to patch Apache ActiveMQ servers within two weeks. The directive sets a hard April 30 deadline under BOD 22-01. It matters because the flaw is actively exploited and affects widely exposed government infrastructure.
Related Happenings
CISA BOD 26-04 three-day remediation directive
Public Sector Action
H score36
First: 24.06.2026 17:35
Last: 24.06.2026 17:35
Sources 1
About this happening:
CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...
CISA BOD 26-04 three-day remediation directive
Public Sector ActionAbout this happening: CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...
Trump executive order sets federal PQC migration deadlines
Public Sector Action
H score23
First: 23.06.2026 18:16
Last: 23.06.2026 18:16
Sources 1
About this happening:
President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...
Trump executive order sets federal PQC migration deadlines
Public Sector ActionAbout this happening: President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...
CISA KEV remediation order for CVE-2026-48907
Public Sector Action
H score89
First: 17.06.2026 08:50
Last: 17.06.2026 08:50
Sources 1
About this happening:
CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV remediation order for CVE-2026-48907
Public Sector ActionAbout this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector Action
H score36
First: 16.06.2026 13:47
Last: 16.06.2026 13:47
Sources 1
About this happening:
**CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector ActionAbout this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector Action
H score36
First: 12.06.2026 11:26
Last: 12.06.2026 11:26
Sources 1
About this happening:
**CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector ActionAbout this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
Timeline
-
17.04.2026 12:30 1 articles · 2mo ago
Apache maintainers patch CVE-2026-34197 in ActiveMQ Classic
Mitigation Patch UpdateApache maintainers patched CVE-2026-34197 on March 30 in ActiveMQ Classic versions 6.2.3 and 5.19.4 after the flaw was found to stem from improper input validation that could let authenticated threat actors execute arbitrary code via injection attacks.
Show sources
- CISA flags Apache ActiveMQ flaw as actively exploited in attacks — www.bleepingcomputer.com — 17.04.2026 12:30
-
17.04.2026 12:30 2 articles · 2mo ago
CISA adds CVE-2026-34197 to KEV and orders FCEB patching
Legal Policy Action UpdateOn April 17, CISA added CVE-2026-34197 to its Known Exploited Vulnerabilities (KEV) Catalog, warned that Apache ActiveMQ is actively exploited in attacks, and ordered Federal Civilian Executive Branch (FCEB) agencies to patch ActiveMQ servers within two weeks, by April 30, under Binding Operational Directive (BOD) 22-01.
Show sources
- CISA flags Apache ActiveMQ flaw as actively exploited in attacks — www.bleepingcomputer.com — 17.04.2026 12:30
- Actively exploited Apache ActiveMQ flaw impacts 6,400 servers — www.bleepingcomputer.com — 21.04.2026 14:17