The Cybersecurity and Infrastructure Security Agency (CISA) have expanded its Known Exploited Vulnerabilities, commonly referred to as the KEV catalog, with eight newly identified security flaws that are currently being exploited in real-world attacks. The update was announced on April 21, 2026. 

CISA’s latest update to the KEV catalog introduces eight vulnerabilities spanning a range of products and vendors. Among the most notable inclusions are CVE-2023-27351 and CVE-2024-27199, both of which have drawn attention due to their active exploitation and potential impact on enterprise environments.  Latest Vulnerabilities Added to the KEV Catalog 

CVE-2023-27351 (CVSS 8.2): An improp...