CISA KEV Alert 7/13/2026, 5:57:25 PM

CISA adds Cisco IOS CSRF flaw to KEV, cites active exploits

Developing story vulnerability 3 articles tracked
CISA adds Cisco IOS CSRF flaw (CVE-2008-4128) to Known Exploited Vulnerabilities catalog
CyberSIXT Evidence Panel Source marked as original reporting
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Status Unknown

CISA has added CVE‑2008‑4128 to its Known Exploited Vulnerabilities (KEV) catalogue, announcing the inclusion on 13 July 2026. The affected vendor is Cisco and the product is IOS. The vulnerability is tracked as the Cisco IOS Cross‑Site Request Forgery Vulnerability.

The flaw resides in the HTTP server component of Cisco IOS 12.4 and is a cross‑site request forgery (CSRF) issue. If an administrator is authenticated to the device’s web interface, an attacker can lure them to a malicious web page that submits a crafted request to either the /level/15/exec/- URI (triggering a “show privilege” command) or the /level/15/exec/-/configure/http URI (triggering an “alias exec” command).

Successful exploitation allows the attacker to execute arbitrary commands with the privilege level of the affected session. The vulnerability carries a CVSS v3 score of 4.3, rated MEDIUM, and no patch is currently listed in the NVD or vendor advisories.

CISA placed this CVE in KEV because active exploitation has been observed in the wild. There is no publicly known link to ransomware campaigns at this time. Federal Civilian Executive Branch (FCEB) agencies must complete the required mitigation by the remediation deadline of 16 July 2026.

CISA’s required action is to apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26‑04 Prioritizing Security Updates Based on Risk guidance and CISA’s “Forensics Triage Requirements”. For cloud services, follow the applicable BOD 26‑04 guidance or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26‑04 patching guidelines.

For full details, refer to the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2008-4128 and the CISA KEV catalogue.

View CISA KEV Entry

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline