The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitation in the wild.
New KEV Additions (January 26, 2026)
| CVE ID | Product | Vulnerability Type |
|---|---|---|
| CVE-2018-14634 | Linux Kernel | Integer Overflow |
| CVE-2025-52691 | SmarterTools SmarterMail | Unrestricted Upload |
| CVE-2026-21509 | Microsoft Office | Security Feature Bypass |
| CVE-2026-23760 | SmarterTools SmarterMail | Authentication Bypass |
| CVE-2026-24061 | GNU InetUtils | Argument Injection |
Notable Inclusions
CVE-2018-14634 is particularly concerning as it demonstrates that attackers continue to exploit older vulnerabilities. Organizations may have overlooked this Linux kernel integer overflow flaw, assuming it was no longer relevant.
CVE-2026-21509 affects Microsoft Office and has been actively exploited to bypass OLE mitigations, prompting Microsoft to release an emergency patch.
Compliance Requirements
Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities by the specified due dates.
Private organizations should use the KEV catalog as an input to vulnerability management prioritization, as these flaws represent confirmed, real-world attack vectors.
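One way to apply that prioritization, as an added example that is not part of the original article: scanner findings are joined against a KEV feed excerpt so that confirmed-exploited CVEs rank ahead of higher-scored findings that are not in the catalog. The feed excerpt is constructed from the table above using the `cveID`, `product` and `dateAdded` fields of CISA's KEV JSON feed; hosts, scores and the `CVE-0000-*` identifiers are constructed placeholders.

```python
import json

# Constructed excerpt shaped like CISA's KEV JSON feed (cveID, product, dateAdded),
# holding only the five entries from the table above.
KEV_FEED = json.loads("""{"vulnerabilities": [
  {"cveID": "CVE-2018-14634", "product": "Linux Kernel", "dateAdded": "2026-01-26"},
  {"cveID": "CVE-2025-52691", "product": "SmarterTools SmarterMail", "dateAdded": "2026-01-26"},
  {"cveID": "CVE-2026-21509", "product": "Microsoft Office", "dateAdded": "2026-01-26"},
  {"cveID": "CVE-2026-23760", "product": "SmarterTools SmarterMail", "dateAdded": "2026-01-26"},
  {"cveID": "CVE-2026-24061", "product": "GNU InetUtils", "dateAdded": "2026-01-26"}
]}""")

# Constructed scanner export: hosts, scores and CVE-0000-* ids are placeholders,
# not official values.
FINDINGS = [
    {"host": "build-01", "cve": "CVE-0000-00001", "score": 9.8},
    {"host": "db-02", "cve": "CVE-2018-14634", "score": 7.8},
    {"host": "mail-01", "cve": "CVE-2026-23760", "score": 9.3},
    {"host": "ws-17", "cve": "CVE-0000-00002", "score": 5.4},
    {"host": "ws-17", "cve": " cve-2026-21509", "score": 7.8},
]

def kev_index(feed):
    """Map normalized CVE id -> KEV entry for constant-time lookups."""
    return {v["cveID"].strip().upper(): v for v in feed["vulnerabilities"]}

def prioritize(findings, feed):
    """Rank findings: KEV-listed first, then by scanner score, then host."""
    kev = kev_index(feed)
    ranked = []
    for f in findings:
        cve = f["cve"].strip().upper()  # scanners differ in case and whitespace
        entry = kev.get(cve)
        ranked.append({**f, "cve": cve, "in_kev": entry is not None,
                       "kev_added": entry["dateAdded"] if entry else None})
    # False sorts before True, so "not in_kev" puts KEV-listed findings first.
    ranked.sort(key=lambda r: (not r["in_kev"], -r["score"], r["host"]))
    return ranked

if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_FEED):
        tag = f"KEV {r['kev_added']}" if r["in_kev"] else "not in KEV"
        print(f"{r['host']:<9} {r['cve']:<15} score={r['score']:<4} {tag}")
```

In this sample the 2018 kernel finding on `db-02` ranks above the 9.8-scored placeholder finding, which is the behaviour the older-CVE inclusion argues for.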
Previous January Additions
On January 22, 2026, CISA also added four vulnerabilities, including flaws in Vite, Versa Concerto, Prettier eslint-config-prettier (embedded malicious code), and Zimbra Collaboration Suite.