CISA added four vulnerabilities to its Known Exploited Vulnerabilities Catalog—CVE-2024-43468, CVE-2025-15556, CVE-2025-40536, and CVE-2026-20700—based on evidence of active exploitation. FCEB agencies must remediate KEV-listed CVEs under BOD 22-01, and CISA urges all organizations to prioritize timely remediation to reduce exposure.
Key points
- CISA added four actively exploited CVEs to the KEV Catalog.
- The affected products include Microsoft Configuration Manager, Notepad++, SolarWinds Web Help Desk, and multiple Apple components.
- BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate KEV-listed vulnerabilities by the specified due dates.
- CISA strongly urges all organizations to prioritize timely remediation of KEV vulnerabilities to reduce attack surface and risk.
- CISA will continue to update the KEV Catalog as new evidence of exploitation emerges.