CISA Flags Four Actively Exploited Vulnerabilities in Latest KEV Update

Source: CISA Cybersecurity Advisories

CISA adds four critical vulnerabilities with confirmed active exploitation to its KEV Catalog, urging federal agencies and organizations to apply patches immediately.

CISA Expands KEV Catalog with Four Actively Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The update, issued on January 22, 2026, requires Federal Civilian Executive Branch (FCEB) agencies to remediate these flaws by February 12, 2026, under Binding Operational Directive (BOD) 22-01.

Technical Details of the Vulnerabilities

The newly added vulnerabilities include:

  1. CVE-2023-46805 (CVSS: 9.8) – Authentication bypass in Ivanti Connect Secure and Policy Secure Gateways, enabling unauthorized access to restricted resources.
  2. CVE-2024-21887 (CVSS: 9.1) – Command injection flaw in Ivanti Connect Secure and Policy Secure, allowing authenticated administrators to execute arbitrary commands.
  3. CVE-2024-23897 (CVSS: 9.8) – Arbitrary file read vulnerability in Jenkins, permitting attackers to access sensitive files via the built-in command-line interface (CLI).
  4. CVE-2024-27198 (CVSS: 9.8) – Authentication bypass in JetBrains TeamCity, enabling unauthenticated attackers to gain administrative control of affected servers.

These vulnerabilities affect widely used enterprise and development tools, posing significant risks to organizations if left unpatched.

Impact Analysis

  • CVE-2023-46805 & CVE-2024-21887: Exploitation of these Ivanti flaws has been linked to targeted attacks, including those by advanced persistent threat (APT) groups. Successful exploitation could lead to lateral movement, data exfiltration, or deployment of additional malware.
  • CVE-2024-23897: Attackers leveraging this Jenkins vulnerability could extract credentials, API keys, or other sensitive data, facilitating further compromise.
  • CVE-2024-27198: The TeamCity flaw has been exploited to deploy ransomware and cryptocurrency miners, with reports of widespread scanning for vulnerable instances.

Recommended Actions

CISA urges all organizations—particularly federal agencies—to prioritize patching these vulnerabilities. Key steps include:

  • Immediate Patch Deployment: Apply vendor-provided updates for Ivanti, Jenkins, and JetBrains products without delay.
  • Network Segmentation: Isolate vulnerable systems to limit potential lateral movement.
  • Monitoring for Exploitation: Deploy intrusion detection/prevention systems (IDS/IPS) to detect signs of compromise.
  • Incident Response: Organizations should review logs for indicators of exploitation and prepare for potential incident response actions.

For federal agencies, compliance with BOD 22-01 is mandatory. Private sector organizations are strongly encouraged to follow CISA’s guidance to mitigate risks.
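
One way to track the February 12, 2026 deadline against open scanner findings, as an added example that is not from CISA or the original article. The feed excerpt uses the field names of CISA's KEV JSON feed with values taken from this article; the inventory, hostnames and the `kev_findings` helper are hypothetical.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed. CVE IDs, products and
# dates come from the article; nothing here is fetched from CISA.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2023-46805", "vendorProject": "Ivanti",
     "product": "Connect Secure and Policy Secure",
     "dateAdded": "2026-01-22", "dueDate": "2026-02-12"},
    {"cveID": "CVE-2024-21887", "vendorProject": "Ivanti",
     "product": "Connect Secure and Policy Secure",
     "dateAdded": "2026-01-22", "dueDate": "2026-02-12"},
    {"cveID": "CVE-2024-23897", "vendorProject": "Jenkins",
     "product": "Jenkins", "dateAdded": "2026-01-22", "dueDate": "2026-02-12"},
    {"cveID": "CVE-2024-27198", "vendorProject": "JetBrains",
     "product": "TeamCity", "dateAdded": "2026-01-22", "dueDate": "2026-02-12"},
]})

# Hypothetical inventory: CVEs a scanner still reports open on each host.
# "CVE-0000-00000" is a placeholder for a finding that is not KEV-listed.
INVENTORY = [
    {"host": "vpn-gw-01", "open_cves": ["CVE-2023-46805", "CVE-2024-21887"]},
    {"host": "ci-jenkins-02", "open_cves": ["CVE-2024-23897", "CVE-0000-00000"]},
    {"host": "build-tc-01", "open_cves": []},
]


def kev_findings(feed_json, inventory, today):
    """Return open KEV-listed findings, most urgent (fewest days left) first."""
    kev = {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}
    findings = []
    for asset in inventory:
        for cve in asset["open_cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue  # not KEV-listed: leave to the normal patch cycle
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            findings.append({
                "host": asset["host"], "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "days_left": days_left,
                "status": "OVERDUE" if days_left < 0 else "DUE",
            })
    return sorted(findings, key=lambda f: (f["days_left"], f["host"], f["cve"]))


if __name__ == "__main__":
    for f in kev_findings(KEV_FEED, INVENTORY, date(2026, 2, 5)):
        print(f'{f["status"]:8} {f["days_left"]:>3}d {f["host"]:14} {f["cve"]} {f["product"]}')
```
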

For more details, refer to CISA’s official advisory.