CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
25.01.2026
11123
CISA added four actively exploited vulnerabilities to its KEV catalog, urging U.S. federal agencies to apply fixes by February 12, 2026.
CISA Drops Four New Vulns in KEV Catalog — Patch by Feb 12, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) just updated its Known Exploited Vulnerabilities (KEV) catalog with four fresh bugs that are actively being abused in the wild. This isn't a drill — U.S. federal agencies are now on the clock to patch these by February 12, 2026.
The KEV catalog is basically CISA's most-wanted list for vulnerabilities that threat actors are actively exploiting. When something lands here, it means real attacks are happening right now, not just theoretical risks.
Here's the breakdown of what got added:
- • Four new vulnerabilities added to CISA's KEV catalog
- • All are confirmed as actively exploited in the wild
- • U.S. federal agencies must apply patches by February 12, 2026
- • The KEV catalog tracks vulnerabilities with known active exploitation
While the specific CVE numbers and affected software aren't detailed in this snippet, the message is clear: if you're in federal IT, check your systems STAT. CISA doesn't add things to KEV for fun — these are confirmed attack vectors that need immediate attention.
The Binding Operational Directive (BOD) 22-01 requires federal agencies to patch KEV-listed vulnerabilities within specific timeframes. Missing that Feb 12 deadline? Not a good look for your security posture.
Private sector and international orgs should take note too — if nation-state actors or cybercriminals are hitting these vulns in government systems, your infrastructure might be next on the menu.
#CISA KEV catalog#active vulnerability exploitation#security patches#USA#CVE vulnerabilities
Got a topic? Write to ATLA WIRE on Telegram:t.me/atla_community
