securityaffairs.com 1/27/2026, 3:40:31 PM

U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added flaws in Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and the Linux Kernel to its Known Exploited Vulnerabilities (KEV) catalog.

The newly listed flaws include CVE-2018-14634 (Linux Kernel Integer Overflow Vulnerability), CVE-2025-52691 (SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type), CVE-2026-21509 (Microsoft Office Security Feature Bypass Vulnerability), CVE-2026-23760 (SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel), and CVE-2026-24061 (GNU InetUtils Argument Injection Vulnerability).

The Microsoft Office flaw (CVE-2026-21509) is described as allowing an unauthorised attacker to bypass a security feature if a user opens a malicious Office file. The GNU InetUtils issue (CVE-2026-24061) concerns the telnet daemon and can enable root access on affected systems; the vulnerability dates back to a code commit in March 2015. The KEV additions emphasise that agencies are required to address these flaws by specified deadlines, including a final fix date for federal organisations.


Article by CyberSIXT
