CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA has added seven actively exploited vulnerabilities affecting Microsoft, Adobe, and Fortinet products to its Known Exploited Vulnerabilities (KEV) Catalog, urging immediate remediation across all organizations to reduce exposure to cyberattacks.

Sens: Immediate | Conf: high | Analyzed: 2026-04-13 | reports

Authors: CISA

Source: CISA

Key Takeaways

  • CISA added seven new vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog due to active exploitation.
  • The vulnerabilities impact products from Microsoft, Adobe, and Fortinet.
  • Federal Civilian Executive Branch (FCEB) agencies are mandated to remediate these vulnerabilities under BOD 22-01.
  • All organizations are strongly urged to prioritize patching these actively exploited vulnerabilities to reduce cyber risk.

Affected Systems

  • Microsoft Visual Basic for Applications
  • Adobe Acrobat
  • Adobe Reader
  • Microsoft Exchange Server
  • Microsoft Windows
  • Fortinet

Vulnerabilities (CVEs)

  • CVE-2012-1854
  • CVE-2020-9715
  • CVE-2023-21529
  • CVE-2023-36424
  • CVE-2025-60710
  • CVE-2026-21643
  • CVE-2026-34621

Detection Availability

  • YARA Rules: No
  • Sigma Rules: No
  • Snort/Suricata Rules: No
  • KQL Queries: No
  • Splunk SPL Queries: No
  • EQL Queries: No
  • Other Detection Logic: No

No specific detection rules or queries are provided in the alert.

Detection Engineering Assessment

  • EDR Visibility: Low. The alert is a high-level vulnerability notification and does not provide specific behavioral indicators or telemetry for EDR detection.
  • Network Visibility: Low. No specific network signatures or traffic patterns are detailed in the alert.
  • Detection Difficulty: Moderate. Detection relies on accurate vulnerability scanning and patch management auditing rather than behavioral threat hunting.

Required Log Sources

  • Vulnerability Management Scanners
  • Patch Management Logs

Hunting Hypotheses

  • Hypothesis: Identify unpatched systems vulnerable to the newly added KEVs by querying vulnerability management platforms and patch deployment logs.
  • Telemetry: Vulnerability Scans
  • ATT&CK Stage: Initial Access
  • FP Risk: Low

Control Gaps

  • Delayed patch management cycles
  • Lack of continuous vulnerability scanning

False Positive Assessment

  • Low

Recommendations

Immediate Mitigation

  • Scan the environment for instances of the seven identified CVEs.
  • Apply vendor-supplied patches or workarounds for the affected Microsoft, Adobe, and Fortinet products immediately.
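
One way to triage a scanner export against the seven CVE IDs listed above, as an added example that is not part of the CISA alert or of this page's source. The CSV column names (`host`, `cve`, `status`), the host names and the sample rows are constructed assumptions; adapt them to your scanner's export format.

```python
import csv
import io
from collections import defaultdict

# The seven CVE IDs listed on this page.
KEV_CVES = frozenset({
    "CVE-2012-1854", "CVE-2020-9715", "CVE-2023-21529", "CVE-2023-36424",
    "CVE-2025-60710", "CVE-2026-21643", "CVE-2026-34621",
})

# Constructed sample export (assumed columns: host, cve, status).
# CVE-0000-00000 is a placeholder for any finding outside the KEV list.
SAMPLE_EXPORT = """host,cve,status
ws-014,CVE-2020-9715,open
mail-01,cve-2023-21529,Open
mail-01,CVE-2023-21529,open
ws-014,CVE-0000-00000,open
fw-edge,CVE-2026-21643,fixed
ws-022,CVE-2026-34621 ,open
"""


def kev_exposure(export_text, kev=KEV_CVES):
    """Return (exposed, not_reported).

    exposed:      {cve: sorted hosts that still have an open finding}
    not_reported: KEV CVEs with no rows at all in the export
    """
    open_hosts = defaultdict(set)
    seen = set()
    for row in csv.DictReader(io.StringIO(export_text)):
        cve = row["cve"].strip().upper()   # normalise case and stray spaces
        if cve not in kev:
            continue                       # finding is not one of the seven KEVs
        seen.add(cve)
        if row["status"].strip().lower() == "open":
            open_hosts[cve].add(row["host"].strip().lower())  # de-duplicate hosts
    exposed = {cve: sorted(hosts) for cve, hosts in open_hosts.items()}
    return exposed, sorted(kev - seen)


if __name__ == "__main__":
    exposed, not_reported = kev_exposure(SAMPLE_EXPORT)
    for cve in sorted(exposed):
        print(f"{cve}: open on {', '.join(exposed[cve])}")
    print("No scanner rows (verify coverage):", ", ".join(not_reported))
```

KEV CVEs with no rows at all are returned separately because absence from the export can mean the scanner has no check for that CVE, not that the environment is clean.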

Infrastructure Hardening

  • Implement a robust vulnerability management program that prioritizes remediation of CISA KEVs.

User Protection

  • Ensure endpoint software, specifically Adobe Acrobat and Reader, is updated to the latest secure versions.

Security Awareness

  • Educate IT and security teams on the requirements and urgency of CISA BOD 22-01.

MITRE ATT&CK Mapping

  • T1190 - Exploit Public-Facing Application