CISA Adds Cisco SD-WAN and LiteSpeed cPanel Flaws to KEV Catalog Amid Active Exploitation
The Cybersecurity and Infrastructure Security Agency (**CISA**) has updated its Known Exploited Vulnerabilities (**KEV**) Catalog, adding two critical flaws: one affecting **Cisco Catalyst SD-WAN Manager** and another impacting the **LiteSpeed cPanel Plugin**. These additions underscore the ongoing threat landscape, with both vulnerabilities actively exploited in the wild.
In a recent update, **CISA** has issued a critical alert by adding two new vulnerabilities to its **Known Exploited Vulnerabilities (KEV) Catalog**. This move is a direct response to confirmed evidence of active exploitation, signaling immediate threats to federal agencies and urging all organizations to take swift action.
The newly listed vulnerabilities are:
* **CVE-2026-20262**: A **Cisco Catalyst SD-WAN Manager** Directory or Path Traversal Vulnerability.
* **CVE-2026-54420**: A **LiteSpeed cPanel Plugin** UNIX Symbolic Link (Symlink) Following Vulnerability.
These types of vulnerabilities are frequently leveraged by malicious cyber actors, posing substantial risks across various enterprises, including critical infrastructure and federal systems.
### **CISA's Directive and Broader Implications**
The inclusion of these vulnerabilities in the **KEV Catalog** is particularly significant for Federal Civilian Executive Branch (**FCEB**) agencies. **CISA's Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk** mandates that these agencies prioritize the rapid remediation of high-risk vulnerabilities, especially those listed in the **KEV Catalog** that affect publicly exposed assets and grant total control post-exploitation. This directive also establishes clear expectations for agencies to assess potential system compromises *before* applying patches.
While **BOD 26-04** is specifically tailored for **FCEB** agencies, **CISA** strongly recommends that all organizations adopt a similar risk-based vulnerability management strategy. Prioritizing the remediation of **KEV Catalog** vulnerabilities is crucial for enhancing overall cybersecurity posture and mitigating potential breaches.
**CISA** continuously updates the **KEV Catalog** with vulnerabilities that meet specific criteria, including a **CVE ID**, evidence of exploitation, and clear mitigation guidance. Organizations aware of an actively exploited vulnerability not yet listed in the catalog are encouraged to submit it via the **KEV Nomination Form**.