CISA has added two actively exploited vulnerabilities, CVE-2009-0238 (Microsoft Office RCE) and CVE-2026-32201 (Microsoft SharePoint Server Improper Input Validation), to its Known Exploited Vulnerabilities (KEV) Catalog. Organizations are strongly urged to prioritize timely remediation of these vulnerabilities to reduce their exposure to cyberattacks.