THE Known Exploited Vulnerabilities (KEV) Catalog is maintained as the authoritative source of vulnerabilities that have been exploited in the wild, according to CISA. The catalog currently shows one entry: CVE-2026-31431, a Linux Kernel vulnerability described as an incorrect resource transfer between spheres that could allow privilege escalation, with related CWE-699.
It lists the vulnerability as Unknown for whether it is known to be used in ransomware campaigns, and provides action guidance to apply vendor mitigations, follow cloud service guidance, or discontinue use of the product if mitigations are unavailable. Date Added is 1 May 2026 and the Due Date is 15 May 2026. Additional notes include links to the Linux kernel announcement and CVE details.