CISA Adds Linux Kernel Vulnerability to Known Exploited Vulnerabilities Catalog
The **Cybersecurity and Infrastructure Security Agency (CISA)** has added a new vulnerability, **CVE-2026-31431**, affecting the **Linux Kernel**, to its [Known Exploited Vulnerabilities (KEV) Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog). The addition reflects active exploitation of this flaw in the wild and the significant risk it poses to organizations.
### New Vulnerability Added
The latest addition to the KEV catalog is:
* [CVE-2026-31431](https://www.cve.org/CVERecord?id=CVE-2026-31431): Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
The catalog describes the flaw as an incorrect resource transfer between spheres within the **Linux Kernel**; its inclusion in the KEV Catalog indicates that malicious actors are already exploiting it.
### Significance of the KEV Catalog
The KEV Catalog serves as a crucial resource for identifying vulnerabilities that are known to be actively exploited. **CISA**'s [Binding Operational Directive (BOD) 22-01](https://www.cisa.gov/binding-operational-directive-22-01), titled "Reducing the Significant Risk of Known Exploited Vulnerabilities," mandates that Federal Civilian Executive Branch (FCEB) agencies remediate these identified vulnerabilities by specified deadlines. This directive aims to safeguard FCEB networks from ongoing threats.
For more detailed information, refer to the [BOD 22-01 Fact Sheet](https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf).
### Recommendation for All Organizations
While BOD 22-01 is specifically applicable to FCEB agencies, **CISA** strongly advises all organizations to prioritize the timely remediation of vulnerabilities listed in the KEV Catalog. Integrating this practice into vulnerability management protocols is essential for minimizing exposure to cyberattacks.
**CISA** will continue to update the catalog with vulnerabilities meeting the [specified criteria](https://www.cisa.gov/known-exploited-vulnerabilities).