CyberSecurity SEE

CISA Expands List of Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software by Adding Six Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently expanded its Known Exploited Vulnerabilities (KEV) catalog by adding six significant security flaws, highlighting ongoing concerns about active exploitation. This decision underscores the growing urgency for organizations to address these vulnerabilities to safeguard their systems.

One of the new entries, CVE-2026-21643, carries a high CVSS score of 9.1. It is an SQL injection flaw in Fortinet’s FortiClient EMS, and it is particularly alarming because it allows unauthorized attackers to execute arbitrary code or commands simply by sending specially crafted HTTP requests. Successful exploitation could lead to a full compromise of the affected systems.

Another noteworthy addition is CVE-2020-9715, which carries a CVSS score of 7.8. This vulnerability resides within Adobe Acrobat Reader and represents a use-after-free issue that has the potential to enable remote code execution. The implications for users can be grave as successful exploitation could lead to unauthorized access, data breaches, or system disruptions.

Similarly, CVE-2023-36424, also rated at 7.8, involves an out-of-bounds read vulnerability located in the Microsoft Windows Common Log File System Driver. If exploited, this could result in privilege escalation, giving attackers higher-level access to systems than originally permitted.

Additionally, CVE-2023-21529 has drawn attention due to its potential for significant harm. This vulnerability is found in the Microsoft Exchange Server and is characterized by the deserialization of untrusted data. Rated at 8.8 on the CVSS scale, it could permit an authenticated attacker to execute code remotely, further endangering organizational data integrity and system security.

The catalog also features CVE-2025-60710, another vulnerability rated at 7.8, which involves improper link resolution in the Host Process for Windows Tasks. Exploiting this weakness could allow an authorized attacker to elevate their privileges locally, enabling them to gain control over systems that should remain secured.

Finally, CVE-2012-1854, a vulnerability in Microsoft Visual Basic for Applications (VBA), rounds out the list with a CVSS score of 7.8. It can lead to remote code execution, which again poses a serious risk to users and organizations that rely on VBA in their operations.

CISA’s addition of CVE-2026-21643 follows recent reporting by Defused Cyber, which observed exploitation attempts against this flaw since March 24, 2026. The urgency was further highlighted when Microsoft disclosed evidence that a threat actor tracked as Storm-1175 has been actively exploiting CVE-2023-21529 to deploy Medusa ransomware. This underscores the evolving threat landscape facing organizations, particularly those running widely deployed software such as Microsoft Exchange.

As for CVE-2012-1854, Microsoft acknowledged in a July 2012 advisory that there had been “limited, targeted attacks” exploiting the vulnerability. Details of those attacks remain scarce, however, leaving the full scope and nature of the threat unclear.

As of now, there are no public reports of exploitation of the other three vulnerabilities. Nonetheless, in response to the ongoing attacks, CISA has directed Federal Civilian Executive Branch (FCEB) agencies to apply the necessary fixes by April 27, 2026, with the FortiClient EMS patch due earlier, by April 16, 2026.
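Because KEV entries carry a mandated due date and a known-ransomware flag, a defender’s first step is to match the catalog against their own asset inventory and rank what must be patched first. The following script is an added example, not code from CISA or this article: it reads data in the shape of CISA’s KEV JSON feed (the field names follow the real feed, but the entries below are constructed from this article, and the product names and inventory are hypothetical) and returns the in-scope entries ordered by due date, with ransomware-linked flaws ahead of others sharing the same deadline.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. Field names follow
# the real feed; the records are assembled from this article, not downloaded,
# and the product strings are hypothetical.
SAMPLE_KEV_JSON = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2026-21643", "vendorProject": "Fortinet",
         "product": "FortiClient EMS", "dueDate": "2026-04-16",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-21529", "vendorProject": "Microsoft",
         "product": "Exchange Server", "dueDate": "2026-04-27",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2020-9715", "vendorProject": "Adobe",
         "product": "Acrobat and Reader", "dueDate": "2026-04-27",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-36424", "vendorProject": "Microsoft",
         "product": "Windows", "dueDate": "2026-04-27",
         "knownRansomwareCampaignUse": "Unknown"},
    ]
})

# Constructed (hypothetical) asset inventory: KEV product names this org runs.
# Real inventories need name normalization; exact match is used here for clarity.
INVENTORY = {"FortiClient EMS", "Exchange Server", "Windows"}


def triage(kev_json, inventory, today):
    """Return in-scope KEV entries, most urgent first, with days left and an overdue flag."""
    out = []
    for v in json.loads(kev_json)["vulnerabilities"]:
        if v["product"] not in inventory:
            continue  # not deployed here; nothing to patch
        due = date.fromisoformat(v["dueDate"])
        out.append({
            "cveID": v["cveID"],
            "product": v["product"],
            "dueDate": v["dueDate"],
            "daysLeft": (due - today).days,
            "overdue": due < today,
            "ransomware": v.get("knownRansomwareCampaignUse") == "Known",
        })
    # Earliest mandated deadline first; among equal deadlines, ransomware-linked first.
    out.sort(key=lambda e: (e["dueDate"], not e["ransomware"]))
    return out


if __name__ == "__main__":
    for entry in triage(SAMPLE_KEV_JSON, INVENTORY, date(2026, 4, 10)):
        print(entry)
```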

The urgency of these updates cannot be overstated, particularly as cyber threats continue to evolve and multiply. Organizations must act swiftly to mitigate these vulnerabilities, ensuring their systems remain secure against the growing tide of cyber attacks. The recent additions to the KEV catalog serve as a stark reminder of the persistent vulnerabilities that can jeopardize the integrity of crucial infrastructure and sensitive data.
