THE Known Exploited Vulnerabilities (KEV) Catalog is maintained by CISA to provide an authoritative source of vulnerabilities exploited in the wild. It assists organizations in managing vulnerabilities effectively. The catalog includes details about the vulnerabilities, such as the Ivanti Sentry OS Command Injection (CVE-2026-10520), which allows remote root-level code execution if endpoints are unmanaged.
Users are encouraged to apply mitigations per vendor instructions and follow CISA’s guidelines for security updates. The KEV catalog is available in multiple formats, including CSV and JSON, and offers options for users to report new vulnerabilities.