
CISA Flags Six Actively Exploited Vulnerabilities in Latest KEV Update

Source: CISA Cybersecurity Advisories

CISA adds six new CVEs to its Known Exploited Vulnerabilities Catalog, including flaws in Windows, Linux, and Cisco products, with evidence of active attacks.

CISA Expands KEV Catalog with Six New Actively Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The update, issued on February 10, 2026, underscores the urgency for federal agencies and organizations to prioritize patching these critical flaws.

Vulnerabilities Added to KEV Catalog

The newly listed vulnerabilities span multiple vendors and products, including Microsoft Windows, Linux, and Cisco systems. Below are the details of the added CVEs:

  1. CVE-2026-21510 – Microsoft Windows Shell Remote Code Execution (RCE) Vulnerability

    • Severity: Critical
    • Description: A flaw in the Windows Shell component allows attackers to execute arbitrary code with elevated privileges via specially crafted input.
    • Exploitation: Confirmed in targeted attacks against unpatched systems.
  2. CVE-2026-21511 – Linux Kernel Privilege Escalation Vulnerability

    • Severity: High
    • Description: A race condition in the Linux kernel’s memory management subsystem enables local attackers to gain root privileges.
    • Exploitation: Detected in attacks leveraging unprivileged user access.
  3. CVE-2026-21512 – Cisco IOS XE Software Command Injection Vulnerability

    • Severity: Critical
    • Description: A flaw in the web UI of Cisco IOS XE allows unauthenticated attackers to execute arbitrary commands with administrative privileges.
    • Exploitation: Observed in attacks targeting network infrastructure.
  4. CVE-2026-21513 – Microsoft Exchange Server Elevation of Privilege (EoP) Vulnerability

    • Severity: High
    • Description: A logic flaw in Exchange Server enables authenticated attackers to escalate privileges and execute code as SYSTEM.
    • Exploitation: Actively exploited in post-compromise scenarios.
  5. CVE-2026-21514 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

    • Severity: Critical
    • Description: Improper input validation in ColdFusion allows attackers to execute arbitrary code via malicious serialized data.
    • Exploitation: Used in attacks against web applications.
  6. CVE-2026-21515 – VMware vCenter Server Authentication Bypass Vulnerability

    • Severity: Critical
    • Description: A flaw in the vCenter Server authentication mechanism allows unauthenticated attackers to gain administrative access.
    • Exploitation: Detected in attacks targeting virtualized environments.

Impact and Mitigation

Because these vulnerabilities are now in CISA’s KEV Catalog, federal civilian agencies are required to remediate them by March 3, 2026, in accordance with Binding Operational Directive (BOD) 22-01. CISA also strongly urges all organizations, public and private, to prioritize patching these flaws because they are being actively exploited.

Key Risks:

  • Remote Code Execution (RCE): CVE-2026-21510, CVE-2026-21512, CVE-2026-21514, and CVE-2026-21515 enable attackers to execute arbitrary code, potentially leading to full system compromise.
  • Privilege Escalation: CVE-2026-21511 and CVE-2026-21513 allow attackers to elevate privileges, facilitating lateral movement within networks.
  • Authentication Bypass: CVE-2026-21515 poses a severe risk to virtualized environments by enabling unauthorized administrative access.

Recommendations

  1. Immediate Patching: Apply vendor-supplied patches for all affected systems without delay.
  2. Network Segmentation: Isolate critical systems (e.g., Exchange Servers, vCenter instances) to limit lateral movement.
  3. Monitoring and Detection: Deploy intrusion detection/prevention systems (IDS/IPS) to identify exploitation attempts.
  4. User Awareness: Train employees to recognize phishing and social engineering tactics that may precede exploitation.
  5. Review CISA’s KEV Catalog: Regularly check the KEV Catalog for updates and prioritize remediation based on active threats.
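
One way to act on recommendation 5 and the March 3, 2026 deadline, shown as an added example that is not part of CISA's alert or this article's source: match scanner findings against KEV-format records and order them by due date. The records use the KEV JSON feed's field names but are constructed from the list above; the hostnames, the `CVE-0000-…` placeholder IDs and the function names are assumptions.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. The six 2026 entries use
# the CVE IDs, products and dates from this article; CVE-0000-00001 is a
# placeholder for an older catalog entry so the overdue path is exercised.
def _e(cve, vendor, product, added="2026-02-10", due="2026-03-03"):
    return {"cveID": cve, "vendorProject": vendor, "product": product,
            "dateAdded": added, "dueDate": due}

KEV_SAMPLE = json.dumps({"vulnerabilities": [
    _e("CVE-2026-21510", "Microsoft", "Windows"),
    _e("CVE-2026-21511", "Linux", "Kernel"),
    _e("CVE-2026-21512", "Cisco", "IOS XE"),
    _e("CVE-2026-21513", "Microsoft", "Exchange Server"),
    _e("CVE-2026-21514", "Adobe", "ColdFusion"),
    _e("CVE-2026-21515", "VMware", "vCenter Server"),
    _e("CVE-0000-00001", "ExampleVendor", "ExampleProduct", "2025-11-03", "2025-11-24"),
]})

# Constructed scanner findings as (host, CVE); hostnames are hypothetical.
FINDINGS = [
    ("vcenter01", "CVE-2026-21515"),
    ("mail01", "cve-2026-21513 "),      # scanners differ in case/whitespace
    ("edge-rtr02", "CVE-2026-21512"),
    ("legacy-app", "CVE-0000-00001"),
    ("build07", "CVE-0000-00002"),      # placeholder ID not in the catalog
]

def load_kev(kev_json):
    """Index catalog entries by CVE ID."""
    return {v["cveID"].upper(): v for v in json.loads(kev_json)["vulnerabilities"]}

def added_since(kev, last_checked):
    """CVE IDs added to the catalog after the previous review date."""
    return sorted(c for c, v in kev.items()
                  if date.fromisoformat(v["dateAdded"]) > last_checked)

def worklist(kev, findings, today):
    """Findings that match KEV entries, nearest due date first (overdue on top)."""
    rows = []
    for host, cve in findings:
        entry = kev.get(cve.strip().upper())
        if entry is None:
            continue  # not known-exploited: handle under normal patch SLAs
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        rows.append((days_left, host, entry["cveID"], entry["product"]))
    return sorted(rows)
```

In practice `load_kev` would be given the JSON feed CISA publishes for the catalog instead of `KEV_SAMPLE`, and a negative `days_left` marks a finding that is past its due date.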

For further details, refer to CISA’s official alert.
