# CISA Adds Three New Vulnerabilities to Known Exploited Vulnerabilities Catalog
The **Cybersecurity and Infrastructure Security Agency (CISA)** has added three new vulnerabilities to its **Known Exploited Vulnerabilities (KEV) Catalog**, based on evidence of active exploitation in the wild. The vulnerabilities, which affect software such as Daemon Tools Lite and Nx Console, pose a significant risk, and organizations should prioritize remediating them promptly to mitigate potential cyberattacks.
### New Vulnerabilities Added
The newly added vulnerabilities are:
* **CVE-2026-8398**: Daemon Tools Lite Embedded Malicious Code Vulnerability
* **CVE-2026-45321**: TanStack Unspecified Vulnerability
* **CVE-2026-48027**: Nx Console Embedded Malicious Code Vulnerability
These vulnerabilities represent significant attack vectors for malicious actors, potentially leading to severe consequences for affected systems and networks.
### Importance of the KEV Catalog
The KEV Catalog serves as a crucial resource for identifying vulnerabilities that are actively being exploited. **Binding Operational Directive (BOD) 22-01**, titled "Reducing the Significant Risk of Known Exploited Vulnerabilities," mandates that Federal Civilian Executive Branch (FCEB) agencies remediate vulnerabilities listed in the KEV Catalog by specified due dates. This directive aims to protect FCEB networks from ongoing threats.
For more information, refer to the [BOD 22-01 Fact Sheet](https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf).
### Recommendation for All Organizations
While BOD 22-01 is specifically applicable to FCEB agencies, CISA strongly advises all organizations to proactively manage their vulnerability landscape by prioritizing the timely remediation of vulnerabilities listed in the KEV Catalog. By doing so, organizations can significantly reduce their exposure to potential cyberattacks.
CISA continues to actively monitor the threat landscape and will add vulnerabilities to the KEV Catalog as they meet the [specified criteria](https://www.cisa.gov/known-exploited-vulnerabilities). Regularly reviewing the KEV Catalog and acting on its entries is a critical component of a robust cybersecurity posture.