CISA has added two actively exploited vulnerabilities, CVE-2026-21385 (Qualcomm Memory Corruption) and CVE-2026-22719 (VMware Aria Operations Command Injection), to its Known Exploited Vulnerabilities (KEV) Catalog. Organizations are strongly urged to prioritize patching these flaws to reduce exposure to cyberattacks.