CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

CISA added six security flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Notable entries include an SQL injection in Fortinet FortiClient EMS observed being probed since March 24, 2026 and a Microsoft Exchange deserialization flaw that Microsoft says Storm-1175 has used to deliver Medusa ransomware. #Medusa #Storm-1175

Key points

  • CISA added six vulnerabilities to the KEV catalog due to evidence of active exploitation.
  • CVE-2026-21643 is an SQL injection in Fortinet FortiClient EMS with exploitation attempts detected since March 24, 2026.
  • Microsoft reports threat actor Storm-1175 is weaponizing CVE-2023-21529 in attacks to deliver Medusa ransomware.
  • Other listed flaws affect Adobe Acrobat Reader (CVE-2020-9715), Windows CLFS driver (CVE-2023-36424), Host Process for Windows Tasks (CVE-2025-60710), and VBA library loading (CVE-2012-1854).
  • Federal Civilian Executive Branch agencies are required to apply the fixes by April 27, 2026.

Read More: https://thehackernews.com/2026/04/cisa-adds-6-known-exploited-flaws-in.html