The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows –
- CVE-2026-21643 (CVSS score: 9.1) – An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
- CVE-2020-9715 (CVSS score: 7.8) – A use-after-free vulnerability in Adobe Acrobat Reader that could result in remote code execution.
- CVE-2023-36424 (CVSS score: 7.8) – An out-of-bounds read vulnerability in Microsoft Windows Common Log File System Driver that could result in privilege escalation.
- CVE-2023-21529 (CVSS score: 8.8) – A deserialization of untrusted data in Microsoft Exchange Server that could allow an authenticated attacker to achieve remote code execution.
- CVE-2025-60710 (CVSS score: 7.8) – An improper link resolution before file access vulnerability in Host Process for Windows Tasks that could allow an authorized attacker to elevate privileges locally.
- CVE-2012-1854 (CVSS score: 7.8) – An insecure library loading vulnerability in Microsoft Visual Basic for Applications (VBA) that could result in remote code execution.

The addition of CVE-2026-21643 to the KEV catalog comes after Defused Cyber said it detected exploitation attempts targeting the flaw since March 24, 2026. Last week, Microsoft revealed that a threat actor it tracks as Storm-1175 has been weaponizing CVE-2023-21529 in attacks to deliver Medusa ransomware.
As for CVE-2012-1854, the Windows maker acknowledged in an advisory released in July 2012 that it’s aware of “limited, targeted attacks” attempting to abuse the vulnerability. The exact nature of the attacks is presently unknown.
There are currently no public reports referencing the exploitation of the remaining three vulnerabilities. In light of active attacks, Federal Civilian Executive Branch (FCEB) agencies are required to apply the fixes by April 27, 2026.
Some parts of this article are sourced from:
thehackernews.com