Cookie Consent by Free Privacy Policy Generator

CISA adds four actively exploited vulnerabilities to known exploited vulnerabilities catalogue

The US Cybersecurity and Infrastructure Security Agency has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalogue, indicating that all four are being actively exploited in the wild. CISA reports that the additions include the two SonicWall SMA 1000 vulnerabilities, CVE-2026-15409 and CVE-2026-15410, as well as the two Microsoft zero-days from this month's Patch Tuesday, CVE-2026-56155 and CVE-2026-56164. The KEV catalogue is used by US federal agencies to prioritise patching under Binding Operational Directive 22-01, which requires federal civilian agencies to remediate known exploited vulnerabilities within defined timeframes. While the directive applies only to US federal agencies, the KEV catalogue is publicly available and serves as a practical reference for organisations globally to understand which vulnerabilities are being actively targeted by threat actors rather than remaining theoretical risks.

Why this matters for UK organisations

The KEV catalogue provides a useful signal for prioritisation in vulnerability management. When a vulnerability is added to the list, it means that CISA has confirmed evidence of active exploitation, which shifts the risk calculation significantly. For UK organisations, particularly those in sectors that align with US critical infrastructure definitions or those using the same technologies, the KEV catalogue can be a helpful input into patch prioritisation decisions. It does not replace risk-based vulnerability management, but it does provide an additional data point that can help teams focus limited resources on the vulnerabilities most likely to be exploited in the near term. The catalogue is updated regularly, and organisations can subscribe to notifications or integrate the data into vulnerability management platforms to automate flagging of known exploited vulnerabilities. This is particularly useful for organisations that are managing large patch loads, such as the current Microsoft update, and need a way to identify which vulnerabilities should be addressed first.

What to review

Organisations should consider incorporating the CISA KEV catalogue into their vulnerability management processes as a source of threat intelligence. The catalogue is freely available and can be accessed via the CISA website or consumed as a machine-readable feed. Review whether your vulnerability management process includes a mechanism for flagging known exploited vulnerabilities and whether there is a defined escalation path for addressing them within compressed timelines. Consider whether your vulnerability scanning tools can be configured to automatically highlight KEV-listed vulnerabilities, and whether there is a process for communicating the urgency of these patches to IT operations, change management and business stakeholders. For organisations that are struggling to prioritise large patch loads, the KEV catalogue can provide a clear and defensible basis for focusing on the vulnerabilities that are most likely to be exploited, rather than attempting to address everything at once.

Source: CISA

News and blog posts
SonicWall has issued an urgent security advisory warning that two zero-day...
The US Cybersecurity and Infrastructure Security Agency has added four...
Today's brief focuses on the operational realities of managing vulnerabilities...
The National Cyber Security Centre has issued a joint advisory with...