● Importantworld2 outlets covering this

CISA Adds Four Known Exploited Vulnerabilities to Catalog

First publishedJul 14, 12:00 UTC
Last updatedJul 15, 11:12 UTC · 11m ago
22 outletsCISA
2 outlets over time — hover a bar for its window & outletslast updated
● Story signals

How strong is this topic?

6.3/10Significanceimpact & urgency
9.0/10Source trustoutlet authority
2Outletsindependent sources

Significance weighs impact, urgency & coverage breadth · Source trust is the outlets' average authority · more outlets means a more confirmed story.

Answer

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability CVE-2026-15410 SonicWall SMA1000 Appliances Code Injection Vulnerability CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.

Reported by 2 outlets CISA. See all sources ↓

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability CVE-2026-15410 SonicWall SMA1000 Appliances Code Injection Vulnerability CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities.

Read the full report at CISA

Why it matters

2 outlets are covering this world story — one to watch as reporting develops.

In brief
What's the story?
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability CVE-2026-15410 SonicWall SMA1000 Appliances Code Injection Vulnerability CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.
How widely is it covered?
2 outlets, average source rating 9.0/10.
When was it last updated?
11m ago.
Different angles across outlets
Coverage map

How outlets are framing the same story

Here's how each outlet is covering the story — compare their headlines and timing at a glance.

  • Coverage card1 outlet
    1Coverage
    Scouting report

    CISA Adds Four Known Exploited Vulnerabilities to Catalog

    Sources1
    TypeCoverage
    CISA
Related in the knowledge graph
Sources (2)
Avg source rating 9.0/10
Processing cluster
A1A2A3B1B2B3
Share this article
Summarize with AI (opens AI chat with article URL · Gemini: prompt copied to clipboard)