CISA Warns of 3 Actively Exploited Vulnerabilities—Patch Now

---
title: "CISA Warns of 3 Actively Exploited Vulnerabilities—Patch Now"
short_title: "CISA adds 3 critical exploited vulnerabilities"
description: "CISA has added three new actively exploited vulnerabilities to its KEV catalog. Learn about the risks, affected systems, and mitigation steps to protect your network."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, cve, cybersecurity, vulnerability-management, active-exploitation]
score: 0.87
cve_ids: [CVE-2026-7473, CVE-2026-11645, CVE-2026-20245]
---

## TL;DR
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation. These flaws affect Arista EOS, Google Chromium V8, and Cisco Catalyst SD-WAN Manager, posing significant risks to federal and enterprise networks. Organizations are urged to patch immediately to mitigate potential attacks.


## Main Content

The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its warnings after adding three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are actively being exploited by malicious cyber actors, making timely remediation essential for all organizations—especially federal agencies bound by Binding Operational Directive (BOD) 22-01.

### Key Points
- Three new vulnerabilities have been added to CISA’s KEV Catalog, all with evidence of active exploitation.
- Affected systems include Arista Extensible Operating System (EOS), Google Chromium V8, and Cisco Catalyst SD-WAN Manager.
- Federal agencies must patch these vulnerabilities by the specified deadlines to comply with BOD 22-01.
- All organizations are strongly encouraged to prioritize remediation to reduce exposure to cyberattacks.


## Technical Details

1. CVE-2026-7473 – Arista EOS Incomplete Comparison Vulnerability
- Type: Incomplete comparison with missing factors.
- Impact: Exploitation could allow attackers to bypass security controls or execute unauthorized commands on affected Arista EOS devices.
- Affected Systems: Arista Extensible Operating System (EOS) versions vulnerable to incomplete comparison logic.

2. CVE-2026-11645 – Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
- Type: Out-of-bounds read and write in the V8 JavaScript engine.
- Impact: Successful exploitation could lead to remote code execution (RCE), allowing attackers to take control of affected systems.
- Affected Systems: Google Chromium-based browsers (e.g., Chrome, Edge, Opera) running vulnerable V8 engine versions.

3. CVE-2026-20245 – Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability
- Type: Improper encoding or escaping of output.
- Impact: Attackers could exploit this flaw to inject malicious code or manipulate system outputs, potentially leading to unauthorized access or data exfiltration.
- Affected Systems: Cisco Catalyst SD-WAN Manager deployments with improper output handling.


## Impact Assessment

These vulnerabilities represent a high-risk threat to organizations due to their active exploitation in the wild. Malicious cyber actors often target unpatched systems to gain initial access, escalate privileges, or move laterally within networks. The inclusion of these flaws in CISA’s KEV Catalog underscores their severity and the urgent need for remediation.

- Federal agencies must comply with BOD 22-01, which mandates patching within specified timelines to protect federal civilian networks.
- Private sector organizations are also at risk, as cybercriminals frequently target enterprises with unpatched vulnerabilities to deploy ransomware, steal data, or disrupt operations.

## Mitigation Steps

CISA recommends the following actions to mitigate these vulnerabilities:

1. Apply Patches Immediately
- Update Arista EOS, Google Chromium-based browsers, and Cisco Catalyst SD-WAN Manager to the latest secure versions.
- Follow vendor-specific guidance for patching and configuration changes.

2. Prioritize KEV Catalog Vulnerabilities
- Integrate CISA’s KEV Catalog into your vulnerability management program.
- Use automated tools to scan for and remediate known exploited vulnerabilities.

3. Monitor for Suspicious Activity
- Deploy intrusion detection/prevention systems (IDS/IPS) to monitor for signs of exploitation.
- Review logs for unusual activity, such as unauthorized access attempts or unexpected system behavior.

4. Educate Employees
- Train staff on recognizing phishing attempts and other social engineering tactics that may precede exploitation.
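
One way to carry out step 2, shown as an added example that is not code from CISA or the vendors: match scanner findings against KEV entries and order the remediation queue by due date. The catalog excerpt uses the KEV feed's `cveID` and `dueDate` fields, but its dates, the asset names, and the findings list are constructed for illustration.

```python
import json
from datetime import date

# Constructed excerpt in the KEV JSON feed's layout. The CVE IDs are the three
# named in this article; dateAdded and dueDate are placeholders, not CISA's.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-7473", "vendorProject": "Arista", "product": "EOS",
   "dateAdded": "2025-01-24", "dueDate": "2025-02-14"},
  {"cveID": "CVE-2026-11645", "vendorProject": "Google", "product": "Chromium V8",
   "dateAdded": "2025-01-24", "dueDate": "2025-02-07"},
  {"cveID": "CVE-2026-20245", "vendorProject": "Cisco",
   "product": "Catalyst SD-WAN Manager",
   "dateAdded": "2025-01-24", "dueDate": "2025-02-14"}
]}
""")

# Constructed scanner output (hypothetical asset names).
FINDINGS = [
    {"asset": "core-sw-01", "cve": "CVE-2026-7473"},
    {"asset": "laptop-114", "cve": "cve-2026-11645 "},   # lower case, stray space
    {"asset": "vmanage-01", "cve": "CVE-2026-20245"},
    {"asset": "web-02", "cve": "CVE-0000-00000"},        # placeholder, not in KEV
    {"asset": "laptop-114", "cve": "CVE-2026-11645"},    # duplicate finding
]

def prioritize(findings, catalog, today_iso):
    """Return KEV-listed findings, deduplicated, earliest due date first."""
    today = date.fromisoformat(today_iso)
    index = {v["cveID"].upper(): v for v in catalog["vulnerabilities"]}
    seen, rows = set(), []
    for f in findings:
        cve = f["cve"].strip().upper()
        key = (f["asset"], cve)
        if cve not in index or key in seen:
            continue  # not known-exploited, or already queued
        seen.add(key)
        due = date.fromisoformat(index[cve]["dueDate"])
        rows.append({"asset": f["asset"], "cve": cve,
                     "product": index[cve]["product"], "due": due.isoformat(),
                     "days_left": (due - today).days, "overdue": due < today})
    return sorted(rows, key=lambda r: (r["due"], r["asset"]))

if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_SAMPLE, "2025-02-10"):
        flag = "OVERDUE" if r["overdue"] else f"{r['days_left']}d left"
        print(f"{r['due']}  {r['asset']:<11} {r['cve']:<15} {r['product']} ({flag})")
```

In production, replace `KEV_SAMPLE` with the parsed catalog download and `FINDINGS` with your scanner's export; the normalization and deduplication steps matter because scanners differ in how they format CVE identifiers.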


## Conclusion

The addition of these three vulnerabilities to CISA’s Known Exploited Vulnerabilities Catalog serves as a critical reminder of the importance of proactive vulnerability management. Organizations must act swiftly to patch these flaws and reduce their exposure to cyber threats. While BOD 22-01 applies only to federal agencies, all organizations should prioritize remediation to safeguard their networks against active threats.

For more details, refer to CISA’s official advisories and vendor-specific patch notes. Stay vigilant, patch promptly, and ensure your systems are protected against evolving cyber risks.

