CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
EXECUTIVE SUMMARY
CISA Alerts on Active Exploitation of Flaws in Fortinet, Microsoft, and Adobe
Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, affecting Fortinet, Microsoft, and Adobe software, are reportedly under active exploitation.
Key Points
- CISA added six vulnerabilities to the KEV catalog on Monday.
- CVE-2026-21643, with a CVSS score of 9.1, is an SQL injection vulnerability in Fortinet FortiClient EMS.
- The vulnerabilities are actively exploited, posing significant security risks.
- The KEV catalog is used to highlight vulnerabilities that are being actively targeted by attackers.
Analysis
Addition to the KEV catalog signals that attackers are already leveraging these flaws, so organizations using the affected Fortinet, Microsoft, and Adobe software should prioritize patching and mitigation. The 9.1 CVSS score of CVE-2026-21643 highlights the potential impact of the Fortinet vulnerability.
Conclusion
IT professionals should immediately review their systems for the listed vulnerabilities and apply patches or mitigations as soon as possible. Staying informed about KEV catalog updates is crucial to maintaining robust cybersecurity defenses.