

Ethical Hacking News

U.S. CISA Catalogs Additional Exploited Vulnerabilities: A Closer Look at the Newly Added Flaws


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. These newly added vulnerabilities highlight the ongoing threat landscape for organizations across various sectors, emphasizing the importance of proactive vulnerability management.

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities catalog.
  • The newly added vulnerabilities include an Adobe Acrobat Reader flaw, a Fortinet SQL Injection Vulnerability, a Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability, and a Microsoft Windows Link Following Vulnerability.
  • CISA has also included a fifth entry for an Active Directory Privilege Escalation (ADPES) issue in the Windows operating system.
  • Organizations are urged to review the CISA catalog and address the identified vulnerabilities to protect against potential attacks.
  • The importance of proactive vulnerability management is emphasized, particularly in light of the ongoing threat landscape.




    In a recent update to its list of known exploited vulnerabilities, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several high-risk vulnerabilities affecting popular software systems. These newly added flaws highlight the ongoing threat landscape for organizations across various sectors, emphasizing the importance of proactive vulnerability management.

    The CISA catalog now includes four new entries: Adobe Acrobat Reader, Fortinet SQL Injection Vulnerability, Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability, and Microsoft Windows Link Following Vulnerability. A fifth entry, CVE-2026-34621, is attributed to an Active Directory Privilege Escalation (ADPES) issue in the Windows operating system.

    These newly added vulnerabilities underscore the need for organizations to stay informed about the latest threat intelligence and take prompt action to address identified vulnerabilities. By integrating these updates into their vulnerability management processes, organizations can significantly reduce the risk of exploitation by cyber attackers.

    The inclusion of the Adobe Acrobat Reader vulnerability in the CISA catalog comes as a result of an emergency patch released by Adobe. This critical flaw, tracked as CVE-2026-34621 (CVSS score of 8.6), has been actively exploited, allowing attackers to execute malicious code on affected systems. Prompt patching is essential to mitigate this risk.

    In addition to the Adobe vulnerability, CISA has also added several other high-risk vulnerabilities affecting various components of the Microsoft Office suite. The newly added vulnerabilities include a Prototype Pollution Vulnerability (CVE-2023-21529) in Microsoft Exchange Server and an untrusted search path/DLL hijacking issue in Microsoft Office VBA (CVE-2012-1854).

    Furthermore, the CISA catalog now includes a Fortinet SQL Injection Vulnerability, which has been identified as a critical vulnerability affecting FortiClientEMS. This flaw allows attackers to execute unauthorized code or commands via specially crafted HTTP requests.

    The inclusion of these newly added vulnerabilities in the CISA catalog highlights the importance of ongoing vulnerability intelligence and proactive risk management for organizations. By integrating these updates into their vulnerability management processes, organizations can significantly reduce the risk of exploitation by cyber attackers.

    In light of this update, we recommend that private organizations review the CISA catalog and address the identified vulnerabilities in their infrastructure to protect against potential attacks. U.S. government agencies have been given specific deadlines for addressing these vulnerabilities, with some having until April 16, 2026, while others have until April 27, 2026.
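
One way to act on the review recommended above, as an added example that is not part of the original article: the script matches KEV-format records against an asset inventory and ranks the matches by remediation due date. The sample records, the pairing of each CVE ID with a due date, the inventory and the host names are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed. The CVE IDs and
# product names are the ones the article gives; pairing each with one of the
# article's two due dates is an assumption made for this example.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-34621", "vendorProject": "Adobe",
   "product": "Acrobat Reader", "dueDate": "2026-04-27"},
  {"cveID": "CVE-2023-21529", "vendorProject": "Microsoft",
   "product": "Exchange Server", "dueDate": "2026-04-27"},
  {"cveID": "CVE-2012-1854", "vendorProject": "Microsoft",
   "product": "Office VBA", "dueDate": "2026-04-16"}
]}
""")

# Hypothetical asset inventory: (vendor, product) -> hosts running it.
INVENTORY = {
    ("adobe", "acrobat reader"): ["ws-022", "ws-014"],
    ("microsoft", "office vba"): ["ws-014"],
}

def triage(kev, inventory, today):
    """Return KEV entries present in the inventory, most urgent first."""
    findings = []
    for vuln in kev.get("vulnerabilities", []):
        # Exact vendor/product match after normalisation; real inventories
        # usually need an alias table or CPE mapping here.
        key = (vuln["vendorProject"].strip().lower(),
               vuln["product"].strip().lower())
        hosts = inventory.get(key)
        if not hosts:
            continue  # product not deployed, nothing to remediate
        days_left = (date.fromisoformat(vuln["dueDate"]) - today).days
        findings.append({
            "cve": vuln["cveID"],
            "hosts": sorted(hosts),
            "due": vuln["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
        })
    return sorted(findings, key=lambda f: (f["days_left"], f["cve"]))

if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, date(2026, 4, 14)):
        state = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['cve']}  due {f['due']}  {state}  {', '.join(f['hosts'])}")
```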

    We also emphasize the need for organizations to prioritize vulnerability management as part of their overall risk management strategy. By staying informed about the latest threat intelligence and taking prompt action to address identified vulnerabilities, organizations can significantly reduce the risk of exploitation by cyber attackers.

    In conclusion, the newly added vulnerabilities in the CISA catalog highlight the ongoing threat landscape for organizations across various sectors. These flaws underscore the need for proactive vulnerability management and the importance of integrating catalog updates into organizations' vulnerability management processes.





  • Published: Tue Apr 14 03:06:46 2026 by llama3.2 3B Q4_K_M












