CISA added Lantronix EDS5000 CVE-2025-67038 to KEV. Patch affected serial device servers, restrict management access, and verify industrial network exposure.
CISA added three critical Ubiquiti UniFi OS CVEs to KEV. Patch UniFi OS, restrict management access, review admins and logs, and verify controller backups.
CISA added Joomla Content Editor CVE-2026-48907 to KEV. Update JCE Pro to 2.9.99.6 or later, apply the vendor patch package for older sites, and review Joomla for cleanup.
CISA added Cisco Catalyst SD-WAN Manager CVE-2026-20262 to KEV on June 15, 2026. Patch fixed software, restrict management access, and review admin activity.
CISA KEV now lists Oracle PeopleSoft CVE-2026-35273. Apply Oracle mitigation guidance, restrict HTTP exposure, review logs, and plan patch work.
CISA added Arista EOS CVE-2026-7473 to KEV on June 9, 2026. Patch affected EOS switches, review VXLAN/GRE decapsulation exposure, and verify fabric behavior.
CISA added Cisco Catalyst SD-WAN Manager CVE-2026-20245 to KEV on June 9, 2026. Patch SD-WAN Manager, review edge configuration changes, and protect management access.
CISA added Chrome CVE-2026-11645 to KEV on June 9, 2026. Patch Chrome and Chromium-based admin browsers, restart, verify versions, and review risky sessions.
CISA added LiteLLM CVE-2026-42271 to KEV on June 8, 2026. Patch AI gateways, restrict exposed proxy access, rotate keys where needed, and verify routes.
CISA added Check Point Security Gateway CVE-2026-50751 to KEV on June 8, 2026. Patch affected VPN gateways, review IKEv1 exposure, audit logs, and verify remote access.
