CISA has added five new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The additions require immediate attention from federal agencies, and action is recommended for private sector organizations. These vulnerabilities affect multiple critical systems and require urgent patching.
Key Findings
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with five new critical vulnerabilities that are being actively exploited in the wild
This update represents an urgent security concern as these vulnerabilities are being leveraged by threat actors in ongoing campaigns
Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities according to CISA's Binding Operational Directive (BOD) 22-01, with specific deadlines for each vulnerability
While private sector organizations are not bound by these requirements, CISA strongly recommends implementing the prescribed mitigations given the active exploitation status
Overview
On March 21, 2026, CISA announced the addition of five new vulnerabilities to its KEV catalog, indicating active exploitation and requiring immediate attention from security teams. These vulnerabilities represent a significant risk to organizations across multiple sectors.
Technical Analysis
The newly added vulnerabilities affect various systems and services commonly found in enterprise environments. While specific details are pending full advisory publication, organizations should prepare for comprehensive patching operations.
Key Concerns
Active exploitation observed in the wild
Multiple attack vectors potentially affecting critical systems
High likelihood of automated exploit development
Potential for supply chain impacts
Impact Assessment
The inclusion of these vulnerabilities in the KEV catalog indicates:
Confirmed active exploitation
High potential for widespread abuse
Significant risk to organizational assets
Possible cascade effects across connected systems
Recommendations
Immediate Actions
Review and identify affected systems in your environment
Implement available patches as soon as possible
Apply recommended mitigations where patching isn't immediately possible
Monitor for suspicious activity related to these vulnerabilities
Update security tools and signatures
Strategic Actions
Review and update vulnerability management procedures
Enhance monitoring capabilities for affected systems
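The first immediate action above, identifying affected systems, can be scripted against the KEV JSON feed. The following is an added example, not code from the original article or from CISA: it assumes the feed's `cveID`, `dateAdded` and `dueDate` fields and a hypothetical scanner export that maps hosts to open CVE IDs, and the CVE IDs and due dates in it are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed; the CVE IDs are
# placeholders and the due dates are invented for illustration.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "Gateway",
   "dateAdded": "2026-03-21", "dueDate": "2026-04-11"},
  {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor", "product": "Mail",
   "dateAdded": "2026-03-21", "dueDate": "2026-03-28"},
  {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor", "product": "CMS",
   "dateAdded": "2026-01-05", "dueDate": "2026-01-26"}
]}
""")

# Hypothetical scanner export (assumption): host -> CVE IDs still open there.
SCAN_SAMPLE = {
    "vpn-01": ["CVE-0000-0001"],
    "mx-01": ["CVE-0000-0002", "CVE-0000-0003"],
    "web-01": ["cve-0000-0001 "],  # scanners differ in case and whitespace
}

def triage(catalog, scan, added_since, today):
    """Return open KEV findings added on/after added_since, most urgent first."""
    recent = {}
    for v in catalog.get("vulnerabilities", []):
        if date.fromisoformat(v["dateAdded"]) >= added_since:
            recent[v["cveID"].upper()] = v
    findings = []
    for host, cves in scan.items():
        for cve in {c.strip().upper() for c in cves}:
            entry = recent.get(cve)
            if entry is None:
                continue  # not part of the KEV batch being triaged
            due = date.fromisoformat(entry["dueDate"])
            findings.append({"host": host, "cve": cve, "due": due,
                             "days_left": (due - today).days,
                             "overdue": today > due})
    return sorted(findings, key=lambda f: (f["due"], f["host"]))

if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, SCAN_SAMPLE, date(2026, 3, 21), date(2026, 4, 1)):
        flag = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['due']}  {f['cve']}  {f['host']:<8} {flag}")
```

Matching on CVE ID depends on the scanner already having a check for each new entry, so hosts that have not been rescanned since the catalog update will not appear in the output.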