CISA Adds Three Actively Exploited Vulnerabilities to KEV Catalog
The **Cybersecurity and Infrastructure Security Agency (CISA)** has updated its **Known Exploited Vulnerabilities (KEV) Catalog** with three new entries, signaling active exploitation in the wild. These vulnerabilities, impacting popular content management and development tools, underscore the critical need for immediate remediation across federal agencies and the broader cybersecurity community.
# CISA Updates KEV Catalog: Urgent Patching for Three New Exploits
**CISA** has issued a critical update to its **Known Exploited Vulnerabilities (KEV) Catalog**, adding three new vulnerabilities based on confirmed evidence of active exploitation. This move highlights the persistent threat landscape and the importance of proactive vulnerability management.
The newly added vulnerabilities are:
* **CVE-2026-48908**: A JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability.
* **CVE-2026-55255**: A Langflow Authorization Bypass Through User-Controlled Key Vulnerability.
* **CVE-2026-56290**: A Joomlack Page Builder Improper Access Control Vulnerability.
These types of security flaws are frequently leveraged by malicious actors, posing significant risks to organizations, particularly within the federal enterprise.
## The Mandate of BOD 26-04
The inclusion of these vulnerabilities in the **KEV Catalog** directly triggers requirements outlined in **Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk**. This directive mandates that Federal Civilian Executive Branch (FCEB) agencies prioritize the rapid remediation of high-risk vulnerabilities, especially those listed in the **KEV Catalog**, on publicly exposed assets that could lead to total system control post-exploitation. It also sets expectations for agencies to determine if systems were compromised before patches were applied.
While **BOD 26-04** specifically targets FCEB agencies, **CISA** strongly urges all organizations, regardless of sector, to adopt a risk-based vulnerability management strategy. Prioritizing the remediation of **KEV Catalog** vulnerabilities is a crucial step in bolstering overall cybersecurity posture.
## Contributing to the KEV Catalog
**CISA** continues to expand the catalog, adding vulnerabilities that meet specific criteria, including a **CVE ID**, clear evidence of exploitation, and actionable mitigation guidance. The agency encourages cybersecurity professionals to submit any observed exploited vulnerabilities not yet listed through their **KEV Nomination Form**.