---
title: "CISA Warns of Two Actively Exploited Vulnerabilities—Patch Now"
short_title: "CISA adds two critical exploited vulnerabilities"
description: "CISA has added CVE-2026-42271 and CVE-2026-50751 to its KEV Catalog due to active exploitation. Learn the risks and mitigation steps for these critical flaws."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, cve-2026-42271, cve-2026-50751, known-exploited-vulnerabilities, cybersecurity]
score: 0.92
cve_ids: [CVE-2026-42271, CVE-2026-50751]
---
## TL;DR
CISA has added two new vulnerabilities—CVE-2026-42271 (BerriAI LiteLLM Command Injection) and CVE-2026-50751 (Check Point Security Gateway Improper Authentication)—to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal agencies must patch immediately, but all organizations are urged to prioritize remediation to reduce exposure to cyberattacks.
Main Content
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its response to two critical vulnerabilities after confirming their active exploitation in the wild. These flaws, now listed in the Known Exploited Vulnerabilities (KEV) Catalog, pose significant risks to federal agencies and private sector organizations alike. Timely remediation is essential to mitigate potential attacks leveraging these vulnerabilities.
### Key Points
- CVE-2026-42271: A command injection vulnerability in BerriAI LiteLLM, allowing attackers to execute arbitrary commands on affected systems.
- CVE-2026-50751: An improper authentication vulnerability in Check Point Security Gateway, enabling unauthorized access to sensitive networks.
- Binding Operational Directive (BOD) 22-01 mandates federal agencies to remediate these vulnerabilities by the specified due date.
- While BOD 22-01 applies to Federal Civilian Executive Branch (FCEB) agencies, CISA strongly recommends all organizations prioritize patching these flaws.
Technical Details
#### CVE-2026-42271: BerriAI LiteLLM Command Injection Vulnerability
This vulnerability arises from insufficient input validation in BerriAI’s LiteLLM, a lightweight language model integration tool. Attackers can exploit this flaw by crafting malicious inputs that execute arbitrary commands on the host system. Successful exploitation could lead to full system compromise, data theft, or lateral movement within a network.
#### CVE-2026-50751: Check Point Security Gateway Improper Authentication Vulnerability
This flaw affects Check Point Security Gateway, a widely used firewall and VPN solution. The vulnerability stems from improper authentication mechanisms, allowing attackers to bypass security controls and gain unauthorized access to protected networks. Exploitation could result in data breaches, network infiltration, or disruption of critical services.
### Impact Assessment
The inclusion of these vulnerabilities in CISA’s KEV Catalog underscores their high severity and active exploitation. Malicious cyber actors frequently target such flaws to:
- Gain initial access to networks.
- Escalate privileges.
- Exfiltrate sensitive data.
- Deploy ransomware or other malware.
Federal agencies face mandatory remediation deadlines, but private sector organizations are equally at risk. Failure to patch these vulnerabilities could expose systems to targeted attacks, data breaches, and operational disruptions.
### Mitigation Steps
CISA urges all organizations to take the following actions:
1. Immediately apply patches for CVE-2026-42271 and CVE-2026-50751 as provided by the vendors.
2. Review network logs for signs of exploitation, such as unusual command execution or unauthorized access attempts.
3. Implement network segmentation to limit the spread of potential attacks.
4. Monitor for updates from CISA and vendors regarding additional mitigation guidance.
## Conclusion
The addition of CVE-2026-42271 and CVE-2026-50751 to CISA’s KEV Catalog serves as a critical reminder of the importance of proactive vulnerability management. While federal agencies are required to act, all organizations must prioritize patching these flaws to defend against evolving cyber threats. Stay vigilant, apply updates promptly, and adopt a risk-based approach to cybersecurity to safeguard critical assets.
## References
[^1]: CISA. "CISA Adds Two Known Exploited Vulnerabilities to Catalog". Retrieved 2025-01-24.
[^2]: CVE Details. "CVE-2026-42271". Retrieved 2025-01-24.
[^3]: CVE Details. "CVE-2026-50751". Retrieved 2025-01-24.
[^4]: CISA. "Binding Operational Directive 22-01". Retrieved 2025-01-24.