Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

CISA KEV update and FCEB remediation deadline

Public Sector Action
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

CISA added three actively exploited vulnerabilities to the KEV catalog and ordered Federal Civilian Executive Branch agencies to remediate by June 23, 2026. The action turns the exploitation reports into a federal remediation requirement for Cisco Catalyst SD-WAN Manager, Google Chrome V8, and Arista EOS. It raises near-term pressure on affected agencies to apply fixes or mitigations before the deadline.

Related Happenings

CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies

Public Sector Action
H score27 First: 10.06.2026 15:00 Last: 10.06.2026 15:00 Sources 1

About this happening: **CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...

Open Happening

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
H score39 First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

Open Happening

CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182

Public Sector Action
H score59 First: 15.05.2026 08:28 Last: 15.05.2026 08:28 Sources 1

About this happening: **CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...

Open Happening

CISA KEV order for Copy Fail on federal Linux devices

Public Sector Action
H score42 First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...

Open Happening

CISA KEV listing and FCEB firewall directive for CVE-2026-0300

Public Sector Action
H score42 First: 07.05.2026 13:57 Last: 07.05.2026 13:57 Sources 1

About this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...

Open Happening

Timeline

  1. 10.06.2026 17:44 2 articles · 3h ago

    CISA adds three vulnerabilities to the KEV catalog after active exploitation reports

    Industry Or Public Sector Update

    CISA added CVE-2026-20245, CVE-2026-11645, and CVE-2026-7473 to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation. The Arista EOS flaw affects 7020R, 7280R/R2, and 7500R/R2 series when a tunnel endpoint is configured, and Arista said no patches are planned for CVE-2026-7473, recommending ACL-based mitigations on upstream devices or on the affected devices themselves.

    Show sources
    Open in new tab
  2. 10.06.2026 17:44 1 articles · 3h ago

    FCEB agencies must apply fixes or mitigations by June 23, 2026

    Legal Policy Action Update

    Federal Civilian Executive Branch (FCEB) agencies must apply the necessary fixes or mitigations for the three listed vulnerabilities by June 23, 2026. The deadline is intended to reduce exposure to the actively exploited flaws in Cisco Catalyst SD-WAN Manager, Google Chrome V8, and Arista Extensible Operating System (EOS).

    Show sources
    Open in new tab