THE Known Exploited Vulnerabilities (KEV) Catalog is a resource provided by CISA, aimed at helping organizations manage cybersecurity vulnerabilities that have been actively exploited. It allows users to prioritize vulnerability management and encourages reporting of any vulnerabilities not listed in the catalog. One specific vulnerability highlighted is CVE-2026-25089 related to Fortinet's FortiSandbox, which poses a risk of OS command injection, allowing unauthorized command execution via crafted HTTP requests.
The catalog also offers data in formats like CSV and JSON, along with guidelines for applying mitigations and adhering to security update priorities set by CISA. Users can subscribe for updates on new vulnerabilities.