THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These include:
1. **CVE-2026-7473**: A flaw in the Arista Extensible Operating System which may allow unauthorized traffic processing, leading to potential security bypass.
2. **CVE-2026-11645**: An out-of-bounds read/write vulnerability in Google Chromium's V8 engine, potentially allowing Denial of Service and remote code execution.
3. **CVE-2026-20245**: A privilege escalation issue in Cisco Catalyst SD-WAN Manager that enables local authenticated attackers to execute commands as root.
CISA mandates federal agencies to address these vulnerabilities by June 23, 2026, advising private organizations to also review these vulnerabilities.