CISA KEV Articles

Ivanti EPMM Zero-Days Chained for Unauthenticated RCE, Already Exploited in the Wild

Two chained Ivanti EPMM vulnerabilities (CVE-2026-1281 and CVE-2026-1340, both CVSS 9.8) allow unauthenticated RCE via Bash command injection. CISA gave federal agencies only 3 days to patch.

January 30, 2026 Ivanti zero-day vulnerability

SolarWinds Patches Critical RCE and Auth Bypass Flaws in Web Help Desk

Four critical vulnerabilities in SolarWinds Web Help Desk allow unauthenticated remote code execution and authentication bypass. CISA confirms active exploitation with February 6 federal deadline.

January 29, 2026 SolarWinds RCE vulnerability

Fortinet Patches FortiCloud SSO Authentication Bypass Under Active Exploitation

CVE-2026-24858 allows attackers with any FortiCloud account to authenticate to other customers' devices. Arctic Wolf observed automated exploitation creating backdoor admin accounts within seconds.

January 27, 2026 Fortinet zero-day vulnerability

Critical Kubernetes Vulnerability Allows Container Escape and Full Cluster Takeover

CVE-2026-1483 rated CVSS 9.8 enables attackers with pod creation privileges to escape containers and seize control of entire clusters. CISA added to KEV catalog; exploitation observed within 48 hours of disclosure.

January 27, 2026 Kubernetes vulnerability container security

Cisco Patches Actively Exploited Zero-Day in Unified Communications and Webex

CVE-2026-20045, a CVSS 9.8 RCE flaw in Cisco Unified CM, is being actively exploited. No workaround exists—organizations must upgrade to 14SU5 or 15SU4 immediately.

January 22, 2026 Cisco zero-day CVE-2026-20045

Automated Attacks Exploit FortiCloud SSO to Hijack FortiGate Firewalls

Arctic Wolf detected automated attacks on FortiGate devices starting January 15, exploiting CVE-2026-24858 (CVSS 9.8) to create backdoor admin accounts. Fortinet temporarily suspended FortiCloud SSO globally to contain the threat.

January 22, 2026 Fortinet FortiGate zero-day