CISA added critical vulnerabilities in Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and the Linux kernel to its Known Exploited Vulnerabilities catalog, flagging multiple flaws that enable privilege escalation, remote code execution, and authentication bypass. Notable entries include the Mutagen Astronomy Linux kernel integer overflow, an actively exploited Microsoft Office security bypass (CVE-2026-21509), a long-standing GNU InetUtils telnetd root vulnerability, and SmarterMail arbitrary file upload RCEs, with federal agencies ordered to remediate by February 16, 2026.
Key points
- CISA added CVE-2018-14634, CVE-2025-52691, CVE-2026-21509, CVE-2026-23760, and CVE-2026-24061 to the KEV catalog.
- CVE-2018-14634 (Mutagen Astronomy) is a Linux kernel integer overflow that enables local privilege escalation to root.
- CVE-2026-21509 is an actively exploited Microsoft Office security feature bypass that requires a user to open a malicious file.
- CVE-2026-24061 is a critical GNU InetUtils telnetd vulnerability introduced in 2015 that can lead to root access.
- CVE-2025-52691 and CVE-2026-23760 affect SmarterMail; CVE-2025-52691 allows unauthenticated arbitrary file upload and potential RCE.
- Agencies must patch by Feb 16, 2026.