CISA Flags Five Actively Exploited Vulnerabilities in Latest KEV Update
CISA adds five new CVEs to its Known Exploited Vulnerabilities Catalog, urging federal agencies and organizations to patch immediately due to active exploitation.
CISA Expands KEV Catalog with Five Actively Exploited Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The update, issued on January 26, 2026, requires federal civilian agencies to remediate these flaws by February 16, 2026, under Binding Operational Directive (BOD) 22-01.
Technical Details of the Added CVEs
The newly listed vulnerabilities include:
- CVE-2024-21887 (Ivanti Connect Secure and Policy Secure)
  - Type: Command injection vulnerability
  - Severity: Critical (CVSS 9.1)
  - Impact: Allows unauthenticated attackers to execute arbitrary commands on vulnerable systems via crafted requests.
- CVE-2023-46805 (Ivanti Connect Secure and Policy Secure)
  - Type: Authentication bypass
  - Severity: High (CVSS 8.2)
  - Impact: Enables attackers to bypass authentication controls and gain unauthorized access to restricted resources.
- CVE-2023-22527 (Atlassian Confluence Data Center and Server)
  - Type: Remote code execution (RCE)
  - Severity: Critical (CVSS 10.0)
  - Impact: Exploits a template injection flaw, allowing unauthenticated attackers to execute arbitrary code on vulnerable Confluence instances.
- CVE-2024-0204 (Fortra GoAnywhere MFT)
  - Type: Authentication bypass
  - Severity: Critical (CVSS 9.8)
  - Impact: Permits attackers to create admin users and gain full control over affected systems.
- CVE-2023-27532 (Apache Superset)
  - Type: Insecure default configuration
  - Severity: High (CVSS 8.9)
  - Impact: Allows unauthorized attackers to authenticate and access sensitive data due to a default SECRET_KEY in Superset installations.
Impact Analysis
These vulnerabilities pose significant risks to organizations, particularly those using Ivanti, Atlassian Confluence, Fortra GoAnywhere, or Apache Superset. Active exploitation has been observed, with threat actors leveraging these flaws to:
- Gain unauthorized access to corporate networks
- Deploy ransomware or other malware
- Exfiltrate sensitive data
- Establish persistence for further attacks
Federal agencies are required to patch these vulnerabilities by the February 16 deadline, but CISA strongly urges all organizations—public and private—to prioritize remediation to mitigate potential breaches.
Recommendations for Security Teams
- Immediate Patching: Apply vendor-provided patches or mitigations without delay.
- Network Segmentation: Isolate vulnerable systems to limit lateral movement if exploitation occurs.
- Monitoring and Detection: Deploy intrusion detection/prevention systems (IDS/IPS) to identify exploitation attempts.
- User Awareness: Train employees to recognize phishing or social engineering tactics that may precede exploitation.
- KEV Catalog Review: Regularly check CISA’s KEV Catalog for updates and prioritize remediation of listed vulnerabilities.
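The KEV Catalog Review step can be scripted. The following is an added example, not code from CISA or from this article: it lists catalog entries added since the last review and builds a deadline-ordered remediation queue for the assets they affect. The catalog sample is constructed from the CVEs and dates above in the field layout of CISA's KEV JSON feed; the inventory, host names and matching rule are assumptions.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed (only the fields used here).
# CVE ids, products and dates are the ones stated in the article.
KEV = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-2024-21887", "vendorProject": "Ivanti", "product": "Connect Secure and Policy Secure", "dateAdded": "2026-01-26", "dueDate": "2026-02-16"},
 {"cveID": "CVE-2023-46805", "vendorProject": "Ivanti", "product": "Connect Secure and Policy Secure", "dateAdded": "2026-01-26", "dueDate": "2026-02-16"},
 {"cveID": "CVE-2023-22527", "vendorProject": "Atlassian", "product": "Confluence Data Center and Server", "dateAdded": "2026-01-26", "dueDate": "2026-02-16"},
 {"cveID": "CVE-2024-0204", "vendorProject": "Fortra", "product": "GoAnywhere MFT", "dateAdded": "2026-01-26", "dueDate": "2026-02-16"},
 {"cveID": "CVE-2023-27532", "vendorProject": "Apache", "product": "Superset", "dateAdded": "2026-01-26", "dueDate": "2026-02-16"}
]}""")

# Hypothetical asset inventory (constructed); real data would come from a CMDB or scanner export.
INVENTORY = [
    {"host": "vpn-gw-01", "vendor": "Ivanti", "product": "Connect Secure"},
    {"host": "wiki-01", "vendor": "Atlassian", "product": "Confluence Data Center"},
    {"host": "bi-01", "vendor": "Apache", "product": "Superset"},
    {"host": "mail-01", "vendor": "Postfix", "product": "Postfix"},
]

def new_since(kev, last_review):
    """CVE ids added to the catalog after the last review date."""
    return [v["cveID"] for v in kev["vulnerabilities"]
            if date.fromisoformat(v["dateAdded"]) > last_review]

def affects(vuln, asset):
    """Assumed rule: same vendor (case-insensitive) and product name contained either way."""
    kv, av = vuln["vendorProject"].lower(), asset["vendor"].lower()
    kp, ap = vuln["product"].lower(), asset["product"].lower()
    return kv == av and (ap in kp or kp in ap)

def remediation_queue(kev, inventory, today):
    """One row per (asset, KEV entry) pair, earliest deadline first."""
    rows = []
    for v in kev["vulnerabilities"]:
        due = date.fromisoformat(v["dueDate"])
        for a in inventory:
            if affects(v, a):
                rows.append({"host": a["host"], "cve": v["cveID"], "due": due,
                             "days_left": (due - today).days, "overdue": today > due})
    return sorted(rows, key=lambda r: (r["due"], r["cve"], r["host"]))

if __name__ == "__main__":
    for row in remediation_queue(KEV, INVENTORY, date(2026, 2, 10)):
        print(row["due"], row["cve"], row["host"], f'{row["days_left"]}d left')
```

Name-based matching is coarse; a production version would match on CPE or scanner findings and confirm the installed version against the vendor's fixed release.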
For more details, refer to CISA’s official advisory.