#CISA

NIST NVD goes risk-based: which SCA tools still miss Deferred CVEs

NVD API queries: kernel CVEs return Analyzed but SuperAGI CVE-2026-6584 stays Deferred with no CPE. Maps Snyk, Trivy, Grype, Dependabot, OSV-Scanner reliance on NVD vs GHSA/OSV.

Apache ActiveMQ Jolokia API RCE CVE-2026-34197 Added to CISA KEV, April 30 Deadline for Federal Agencies

CVE-2026-34197 (CVSS 8.8), an RCE in Apache ActiveMQ Classic that lurked for 13 years, was added to the CISA KEV catalog. Authenticated attackers can achieve remote code execution via the Jolokia API. Affects versions below 5.19.4 and 6.0.0–6.2.2.

April 2026 Patch Tuesday: 163 CVEs Patched, SharePoint Zero-Day Exploited in the Wild, BlueHammer PoC Published

Microsoft's second-largest Patch Tuesday ever. SharePoint Server XSS zero-day (CVSS 6.5) confirmed in active exploitation and added to CISA KEV. Windows Defender BlueHammer LPE (CVSS 7.8) has a full public PoC. Also includes a wormable IKE RCE at CVSS 9.8.

CISA KEV Adds 7 Fortinet, Microsoft, and Adobe Vulnerabilities (April 13)

CISA added 7 actively exploited vulnerabilities to the KEV catalog including FortiClient EMS SQL injection (CVSS 9.1). Federal deadline is April 16 for Fortinet, April 27 for the remaining six.

F5 BIG-IP APM's unauthenticated RCE lands in CISA KEV after Chinese APT source-code theft

F5 BIG-IP APM vulnerability CVE-2025-53521, a CVSS 9.8 unauthenticated RCE, was added to CISA's KEV catalog. It had originally been classified as DoS, but was reclassified after a China-linked APT that compromised F5's network stole source code and vulnerability details. Federal agencies must respond by March 30, 2026.

CISA adds five Craft CMS, Laravel, and Apple WebKit flaws to KEV, with an April 3 patch deadline

Five vulnerabilities confirmed exploited by MuddyWater and DarkSword were added to the KEV catalog. Craft CMS is a CVSS 10.0 zero-day that has seen active exploitation since February, and Laravel Livewire is being used by MuddyWater against Middle East infrastructure.

Multiple n8n RCE vulnerabilities and a CISA KEV listing leave 24,700 instances unpatched

Multiple severe RCE vulnerabilities were found in n8n's workflow expression evaluation. CVE-2025-68613 (CVSS 9.9) was added to CISA's KEV catalog and is confirmed to be actively exploited. Another unauthenticated issue, CVE-2026-27493 (CVSS 9.5), also requires immediate patching.

CyberStrikeAI compromised 600 FortiGates, Cloudflare shipped always-on WAF detection, RFC 9849 standardized ECH, and VMware Aria landed in KEV

Four infrastructure-security stories from early March 2026: AI attack tool CyberStrikeAI compromising 600 FortiGates, Cloudflare's split detection/blocking WAF architecture, standardization of TLS Encrypted Client Hello, and CISA's KEV addition for VMware Aria Operations.

Four Critical Vulnerabilities Added to CISA KEV (From a Chromium Zero-Day to Default RCE)

In the same week, CISA's KEV catalog gained a Chromium CSS engine UAF, a Roundcube RCE that hid for over a decade, a BeyondTrust RCE abused by ransomware, and a Dagu RCE due to no default authentication. All four require immediate patching.

CISA Adds Four Actively Exploited Vulnerabilities to the KEV Catalog

In its February 2026 KEV catalog update, CISA added four vulnerabilities, including a Google Chrome use-after-free flaw (CVE-2026-2441). One of them dates back 17 years.