CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

SITREP: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including significant flaws in Cisco Catalyst SD-WAN Manager. These vulnerabilities are noted for their active exploitation in the wild. TACTICAL ASSESSMENT: The inclusion of these vulnerabilities in the KEV catalog indicates an urgent need for federal agencies and organizations to address these security gaps to prevent potential breaches. This move reflects an increasing focus on cybersecurity resilience amid rising threats. PROJECTED VECTORS: It is likely that federal agencies will prioritize patching these vulnerabilities ahead of the April-May 2026 deadlines to mitigate risks of exploitation.