CISA Warns of 7 Actively Exploited Vulnerabilities—Patch Now

CISA added seven actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including flaws in Microsoft, Adobe, and Fortinet products. These vulnerabilities pose significant risks to both federal and private sector networks, requiring immediate patching to prevent potential cyberattacks and data breaches.

---
title: "CISA Warns of 7 Actively Exploited Vulnerabilities—Patch Now"
short_title: "CISA adds 7 exploited vulnerabilities to KEV catalog"
description: "CISA updates its KEV catalog with 7 actively exploited vulnerabilities, including flaws in Microsoft, Adobe, and Fortinet. Learn risks, impacts, and mitigation steps."
author: "Vitus"
date: 2026-04-13
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, known exploited vulnerabilities, cve, cybersecurity, patch management]
score: 0.87
cve_ids: [CVE-2012-1854, CVE-2020-9715, CVE-2023-21529, CVE-2023-36424, CVE-2025-60710, CVE-2026-21643, CVE-2026-34621]
---

TL;DR

CISA has added seven vulnerabilities in Microsoft, Adobe, and Fortinet products to its Known Exploited Vulnerabilities (KEV) Catalog on the strength of evidence that they are being exploited in the wild. Federal civilian agencies must remediate them by the due dates set under Binding Operational Directive (BOD) 22-01; every other organization should treat the new entries as the top of its patch queue.

---

Main Content

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after confirming that each is being actively exploited. Inclusion in the catalog is driven by evidence of exploitation, not by CVSS score, which is why the batch mixes a 2012-era flaw with entries assigned in 2026. The catalog is the list CISA expects organizations to patch first.

Key Points

- CISA's KEV Catalog now includes seven new vulnerabilities, each added on the basis of evidence of active exploitation in the wild.
- Affected vendors are Microsoft, Adobe, and Fortinet, with flaws ranging from insecure library loading and deserialization of untrusted data to SQL injection and prototype pollution.
- Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities by the due dates CISA assigns under Binding Operational Directive (BOD) 22-01.
- All organizations, not just federal agencies, are strongly encouraged to prioritize patching these vulnerabilities to reduce exposure to attacks that are already happening.

---

Technical Details

The seven entries span fourteen years of CVE assignments, from a 2012 VBA flaw to two entries assigned in 2026, and cover memory-safety bugs, injection, and logic flaws. Below is a breakdown of each:

| CVE ID | Affected Product | Vulnerability Type | Year |
|---|---|---|---|
| CVE-2012-1854 | Microsoft Visual Basic for Applications | Insecure Library Loading | 2012 |
| CVE-2020-9715 | Adobe Acrobat | Use-After-Free | 2020 |
| CVE-2023-21529 | Microsoft Exchange Server | Deserialization of Untrusted Data | 2023 |
| CVE-2023-36424 | Microsoft Windows | Out-of-Bounds Read | 2023 |
| CVE-2025-60710 | Microsoft Windows | Link Following | 2025 |
| CVE-2026-21643 | Fortinet Products | SQL Injection | 2026 |
| CVE-2026-34621 | Adobe Acrobat and Reader | Prototype Pollution | 2026 |

#### Notable Vulnerabilities Explained
1. CVE-2012-1854 (Microsoft VBA)
- An insecure library loading (DLL search-order) flaw in Microsoft Visual Basic for Applications (VBA): opening a legitimate Office file from a directory that also contains an attacker-controlled DLL can cause the VBA runtime to load that DLL, giving the attacker code execution as the user. Its age is the point of its inclusion: the fix has existed for over a decade, yet CISA has evidence it is still being exploited against installations that never received it.

2. CVE-2026-21643 (Fortinet SQL Injection)
- A recently disclosed SQL injection flaw in Fortinet products that lets an attacker supply input that is interpreted as SQL syntax and so execute SQL statements of their own choosing. On a security appliance, that typically means reading or altering the configuration and credential data the device stores, which is why such flaws are prized for data exfiltration and unauthorized access.

3. CVE-2026-34621 (Adobe Prototype Pollution)
- A prototype pollution vulnerability in Adobe Acrobat and Reader. Prototype pollution lets attacker-controlled data add or overwrite properties on JavaScript's shared `Object.prototype`, so every object in the engine silently inherits them; depending on which code later reads those properties, the result ranges from logic bypass to arbitrary code execution. A crafted PDF is the delivery vehicle, which is why PDF readers remain a favored attack vector.
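The Fortinet flaw's internals are not public in the advisory, so the following is a generic illustration of the SQL injection bug class described above, written for this page rather than taken from any Fortinet code. It uses Python's standard `sqlite3` module and a constructed in-memory `users` table: the vulnerable lookup builds its query by string concatenation, the hardened one binds the value as a parameter, and the same two attacker inputs (a tautology and a `UNION` that pulls password hashes out of a column the query was never meant to expose) are run against both.

```python
"""SQL injection: vulnerable string-built query beside its parameterized fix.

Added example for this page; not Fortinet code, and the table, rows and
column names are constructed for illustration.
"""
import sqlite3


def make_db():
    """Constructed sample database with a users table (not a real schema)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password_hash TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-of-alice", "admin"), ("bob", "hash-of-bob", "user")],
    )
    return con


def lookup_vulnerable(con, username):
    """VULNERABLE: user input is spliced into the SQL text, so quotes, OR,
    UNION and comment markers in `username` become part of the statement."""
    sql = "SELECT name, role FROM users WHERE name = '" + username + "'"
    return con.execute(sql).fetchall()


def lookup_safe(con, username):
    """FIXED: the value is bound as a parameter; the driver never lets it
    alter the statement's structure, whatever characters it contains."""
    return con.execute(
        "SELECT name, role FROM users WHERE name = ?", (username,)
    ).fetchall()


# Two classic payloads: a tautology that matches every row, and a UNION that
# exfiltrates a column the original query does not select. The trailing "--"
# comments out the closing quote the vulnerable query appends.
TAUTOLOGY = "x' OR '1'='1"
UNION_DUMP = "x' UNION SELECT name, password_hash FROM users--"


if __name__ == "__main__":
    con = make_db()
    print("vulnerable, tautology :", lookup_vulnerable(con, TAUTOLOGY))
    print("vulnerable, union dump:", lookup_vulnerable(con, UNION_DUMP))
    print("safe, tautology       :", lookup_safe(con, TAUTOLOGY))
    print("safe, union dump      :", lookup_safe(con, UNION_DUMP))
```

The parameterized version returns nothing for both payloads because it looks for a user literally named `x' OR '1'='1`; the vulnerable version returns every user for the first and every user's password hash for the second.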

---

Impact Assessment

#### Why These Vulnerabilities Matter
- Active Exploitation: Each of these vulnerabilities has been confirmed as actively exploited, meaning threat actors are already using them to compromise systems; there is no window in which patching can be deferred without accepting known risk.
- Federal Mandate: Under BOD 22-01, FCEB agencies must remediate each catalog entry by the due date CISA assigns to it. The catalog's public feed carries those due dates, so the deadline for each CVE is a matter of record rather than interpretation.
- Broader Threat to Enterprises: BOD 22-01 binds only federal civilian agencies, but the attackers do not check who owns the target. Unpatched instances of widely deployed software such as Microsoft Windows, Exchange, Adobe Acrobat, and Fortinet appliances are exploited wherever they are found.
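Because the KEV feed publishes a `dueDate` for every entry, the BOD 22-01 deadline logic can be automated. The script below is an added example written for this page, not CISA tooling. It parses catalog entries in the schema of the public JSON feed (`https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json`, top-level `vulnerabilities` array with `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate` and `knownRansomwareCampaignUse` fields), cross-references them with scanner findings, and orders the work by exposure and deadline. The catalog excerpt and the scan findings are constructed for the example: the CVE IDs are from this page, but the due dates, host names and exposure flags are illustrative and not CISA's actual deadlines.

```python
"""Cross-reference scanner findings against the CISA KEV feed and order
patch work by BOD 22-01 due date.

Added example for this page, not CISA's tooling. KEV_JSON follows the field
names of the real feed but its dueDate values are illustrative; the scan
findings below are likewise constructed.
"""
import json
from datetime import date

# Constructed KEV excerpt (real field names, illustrative dates/values).
KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
  "vulnerabilities": [
    {"cveID": "CVE-2023-21529", "vendorProject": "Microsoft", "product": "Exchange Server",
     "dateAdded": "2026-04-13", "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2026-21643", "vendorProject": "Fortinet", "product": "Multiple Products",
     "dateAdded": "2026-04-13", "dueDate": "2026-04-20", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2012-1854", "vendorProject": "Microsoft", "product": "Visual Basic for Applications",
     "dateAdded": "2026-04-13", "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Unknown"}
  ]
}
"""

# Constructed scanner output: which CVE was detected on which host.
# The last entry uses a placeholder ID (not a real CVE) to show a non-KEV finding.
SCAN_FINDINGS = [
    {"host": "mail01.corp.example", "cve": "CVE-2023-21529", "internet_facing": True},
    {"host": "fw-edge-1.corp.example", "cve": "CVE-2026-21643", "internet_facing": True},
    {"host": "ws-finance-07.corp.example", "cve": "CVE-2012-1854", "internet_facing": False},
    {"host": "ws-finance-07.corp.example", "cve": "CVE-0000-0000", "internet_facing": False},
]


def load_kev(kev_json):
    """Index catalog entries by CVE ID (the feed's 'vulnerabilities' array)."""
    return {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}


def newly_added(kev_json, added_on):
    """CVE IDs added to the catalog on one day, e.g. the set behind a single CISA alert."""
    kev = load_kev(kev_json)
    return sorted(c for c, v in kev.items() if v["dateAdded"] == added_on.isoformat())


def triage(kev_json, findings, today):
    """Return findings that are in KEV, annotated with deadline data and sorted
    so the most urgent work comes first."""
    kev = load_kev(kev_json)
    rows = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry is None:
            continue  # not known-exploited; leave it to the normal patch cycle
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "host": f["host"],
            "cve": f["cve"],
            "product": f"{entry['vendorProject']} {entry['product']}",
            "due": due,
            "days_left": (due - today).days,
            "overdue": due < today,
            "internet_facing": f["internet_facing"],
            "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
        })
    # Internet-facing first, then nearest due date, then known ransomware use.
    rows.sort(key=lambda r: (not r["internet_facing"], r["due"], not r["ransomware"]))
    return rows


if __name__ == "__main__":
    today = date(2026, 4, 15)  # constructed "current" date for the example
    print("Added 2026-04-13:", newly_added(KEV_JSON, date(2026, 4, 13)))
    for r in triage(KEV_JSON, SCAN_FINDINGS, today):
        flag = "OVERDUE" if r["overdue"] else f"{r['days_left']}d left"
        print(f"{r['host']:28} {r['cve']:15} {r['product']:40} due {r['due']} ({flag})")
```

The sort key is the practical content: an internet-facing Fortinet appliance with a one-week deadline comes before an internal workstation with the same CVE, and anything whose due date has passed is flagged rather than silently sorted to the top of the pile.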

#### Potential Attack Scenarios
- Ransomware Deployment: Vulnerabilities like CVE-2023-21529 (Microsoft Exchange) could be exploited to gain initial access, leading to ransomware attacks.
- Data Theft: SQL injection flaws (CVE-2026-21643) enable attackers to steal sensitive data from databases.
- Malware Distribution: Legacy flaws (CVE-2012-1854) can be used to distribute malware via malicious documents or scripts.

---

Mitigation Steps

CISA urges organizations to take the following actions immediately:

1. Patch Management
- Apply vendor-provided patches for all seven vulnerabilities without delay.
- Prioritize by exposure: internet-facing systems first (Exchange servers and Fortinet appliances), then endpoints that routinely open untrusted content (Adobe Acrobat and Reader, Office installations with VBA).

2. Vulnerability Scanning
- Cross-reference scan results against the KEV Catalog, which CISA publishes as a machine-readable JSON and CSV feed, so that every finding carrying a KEV entry is flagged with its due date.
- Focus on legacy systems that may have been overlooked in previous patch cycles; the 2012 VBA flaw is on this list precisely because such systems still exist.

3. Network Segmentation
- Isolate critical systems to limit lateral movement if a vulnerability is exploited.

4. Monitor for Exploitation
- Watch for the specific signals these bug classes produce: DLLs loaded by Office processes from user-writable directories or network shares (insecure library loading), anomalous or malformed queries in database and appliance logs (SQL injection), and unexpected child processes spawned by Exchange or PDF readers.

5. Employee Training
- Educate staff on phishing risks, since several of these vulnerabilities are triggered by opening a malicious document or following a malicious link.
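Step 4's first signal can be checked directly in endpoint telemetry. The following detection logic is an added example for this page, not part of CISA's guidance or any vendor product. It runs over Sysmon Event ID 7 (ImageLoad) records, using the real field names `Image`, `ImageLoaded`, `Signed` and `SignatureStatus`, and flags DLLs that an Office host process loaded from outside the Windows and Program Files trees or from a UNC share, which is the pattern an insecure library loading flaw such as CVE-2012-1854 produces. The sample events, host paths and DLL names are constructed; the set of trusted directories and Office host processes is an assumption to tune for the environment.

```python
"""Flag suspicious DLL loads by Office processes in Sysmon ImageLoad (Event ID 7) data.

Added example for this page; not CISA or vendor code. The event records are
constructed, and OFFICE_HOSTS / TRUSTED_DIRS are assumptions to adapt locally.
"""
import ntpath

# Processes that host VBA / open untrusted documents (assumption; extend as needed).
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}

# Directories where legitimately installed code lives (assumption; lower-cased,
# trailing backslash so "program files (x86)" is matched by its own entry).
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Constructed Sysmon Event ID 7 records (real field names, illustrative values).
IMAGE_LOAD_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "ImageLoaded": r"C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL",
     "Signed": "true", "SignatureStatus": "Valid"},
    # DLL sitting next to a downloaded document: the search-order hijack pattern.
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "ImageLoaded": r"C:\Users\alice\Downloads\Q1_invoices\version.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    # Same pattern over a network share, the MS12-046 delivery route.
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ImageLoaded": r"\\fileshare\reports\mso.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    # Not an Office host: out of scope for this rule.
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ImageLoaded": r"C:\Users\bob\AppData\Local\Temp\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]


def is_untrusted_location(path):
    """True for UNC shares and anything outside the trusted install trees."""
    p = path.lower()
    if p.startswith("\\\\"):
        return True
    return not p.startswith(TRUSTED_DIRS)


def flag_suspicious_loads(events):
    """Return one hit per Office-hosted DLL load from an untrusted location.
    Severity is 'high' when the DLL is also unsigned or its signature is not valid."""
    hits = []
    for e in events:
        host = ntpath.basename(e["Image"]).lower()
        if host not in OFFICE_HOSTS:
            continue
        loaded = e["ImageLoaded"]
        if not is_untrusted_location(loaded):
            continue
        signed_ok = (e.get("Signed", "false").lower() == "true"
                     and e.get("SignatureStatus") == "Valid")
        hits.append({
            "process": host,
            "dll": loaded,
            "severity": "medium" if signed_ok else "high",
            "reason": "DLL loaded from user-writable or network location"
                      + ("" if signed_ok else "; DLL unsigned or signature not valid"),
        })
    return hits


if __name__ == "__main__":
    for h in flag_suspicious_loads(IMAGE_LOAD_EVENTS):
        print(f"[{h['severity']}] {h['process']} loaded {h['dll']}: {h['reason']}")
```

Signed DLLs in user-writable paths are downgraded rather than ignored because legitimate add-ins do sometimes live there; the unsigned-from-Downloads and unsigned-from-share cases are the ones to alert on first.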

---

Conclusion

CISA's addition of these seven vulnerabilities to the KEV Catalog is a statement of fact, not a forecast: each one is already being used against real targets. Organizations should treat the entries as urgent priorities, for the protection of their data and operations rather than merely for compliance.

While federal civilian agencies are bound by BOD 22-01's due dates, private sector organizations face the same attackers and should act on the same timeline. Prompt patching, continuous monitoring, and sound segmentation are what keep a known-exploited flaw from becoming a breach.

For more details, refer to CISA’s official advisory [here](https://www.cisa.gov/news-events/alerts/2026/04/13/cisa-adds-seven-known-exploited-vulnerabilities-catalog).

---

References

[^1]: CISA. "[CISA Adds Seven Known Exploited Vulnerabilities to Catalog](https://www.cisa.gov/news-events/alerts/2026/04/13/cisa-adds-seven-known-exploited-vulnerabilities-catalog)". Retrieved 2026-04-13.
[^2]: MITRE. "[CVE-2012-1854 Detail](https://www.cve.org/CVERecord?id=CVE-2012-1854)". Retrieved 2026-04-13.
[^3]: MITRE. "[CVE-2026-21643 Detail](https://www.cve.org/CVERecord?id=CVE-2026-21643)". Retrieved 2026-04-13.
