thehackernews.com 4/14/2026, 6:31:21 AM · via preferred

CISA adds six KEV flaws amid active Fortinet exploits

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), six vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The list includes CVE-2026-21643, a high-severity SQL injection in Fortinet FortiClient EMS that could let an unauthenticated attacker execute code via crafted HTTP requests (CVSS 9.1); CVE-2020-9715, a use-after-free flaw in Adobe Acrobat Reader that could enable remote code execution (CVSS 7.8); CVE-2023-36424, an out-of-bounds read in Windows CLFS that could cause privilege escalation (CVSS 7.8); CVE-2023-21529, a deserialization flaw in Microsoft Exchange Server enabling remote code execution for an authenticated attacker (CVSS 8.8); CVE-2025-60710, an improper link resolution before file access in Host Process for Windows Tasks that could allow local privilege elevation (CVSS 7.8); and CVE-2012-1854, an insecure library loading issue in Microsoft VBA capable of remote code execution (CVSS 7.8). Defused Cyber says exploitation attempts targeting CVE-2026-21643 have been detected since 24 March 2026, while Microsoft notes Storm-1175 has weaponised CVE-2023-21529 in attacks delivering Medusa ransomware. Agencies within the Federal Civilian Executive Branch are required to apply the fixes by 27 April 2026.

Article by CyberSIXT
