
CISA has placed three newly exploited flaws in its Known Exploited Vulnerabilities catalogue, affecting Cisco Catalyst SD‑WAN Manager, Arista Extensible Operating System and Google Chromium’s V8 engine.
The additions follow confirmed attacks in the wild and come with a binding deadline: federal agencies must remediate by 23 June 2026, as stated in the agency's advisory.
CVE-2026-20245 carries a CVSS score of 7.8 and stems from improper output encoding in the Catalyst SD-WAN Manager web interface, letting a locally authenticated attacker run arbitrary commands as root.
The NVD entry currently lists no patch, but CISA's KEV listing confirms active exploitation.
CVE-2026-7473 has a CVSS score of 6.9 and resides in Arista's Extensible Operating System, where it can permit unauthorized traffic processing that may lead to a security bypass.
A fix has been released, and administrators are urged to upgrade affected devices promptly, as noted in recent reporting.
CVE-2026-11645 has a CVSS score of 8.8 and describes an out-of-bounds read/write condition in the Chromium V8 JavaScript engine that could enable denial of service or remote code execution.
Google has issued a patch for the V8 component, and users should apply the latest Chrome update, according to The Hacker News.
Although CISA has not attributed the activity to any specific threat actor, the exploits have been observed in the wild across multiple sectors.
The agency’s KEV catalogue serves as a prioritisation tool, signalling that these defects are being leveraged by adversaries right now.
Defenders should first verify patch availability for each product and apply updates where they exist, beginning with Chrome and Arista devices.
For Cisco Catalyst SD‑WAN Manager, where no fix is yet published, organisations must restrict local access, monitor privileged command execution and consider network segmentation.
Continuous logging of authentication events and anomalous file uploads can help detect attempts to exploit the encoding flaw.
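
The remediation order described above can be turned into a small triage routine. The following is an added example, not code from CISA or from the article's sources. It matches KEV entries against an asset inventory and puts patchable items first (highest CVSS first), then unverified ones, then those that can only be mitigated. The inventory, hostnames and the `ENRICH` table are hypothetical; the KEV sample is constructed from the values given in the article.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed (real field names;
# values are taken from the article, nothing is downloaded).
KEV = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-2026-20245", "vendorProject": "Cisco",
  "product": "Catalyst SD-WAN Manager", "dueDate": "2026-06-23"},
 {"cveID": "CVE-2026-7473", "vendorProject": "Arista",
  "product": "Extensible Operating System", "dueDate": "2026-06-23"},
 {"cveID": "CVE-2026-11645", "vendorProject": "Google",
  "product": "Chromium V8", "dueDate": "2026-06-23"}]}""")

# Local enrichment (assumption: maintained by the defender). CVSS scores and
# patch status are as reported in the article; a missing entry means unverified.
ENRICH = {
    "CVE-2026-20245": {"cvss": 7.8, "patch": False},
    "CVE-2026-7473": {"cvss": 6.9, "patch": True},
    "CVE-2026-11645": {"cvss": 8.8, "patch": True},
}

# Hypothetical asset inventory keyed by (vendor, product); hostnames are made up.
INVENTORY = {
    ("Cisco", "Catalyst SD-WAN Manager"): ["sdwan-mgr-01.example.internal"],
    ("Arista", "Extensible Operating System"): ["leaf-01.example.internal"],
    ("Google", "Chromium V8"): ["wks-0001.example.internal"],
}
ACTIONS = {True: "patch", False: "mitigate", None: "verify-patch"}

def triage(kev, inventory, enrich, today):
    """Return KEV entries that hit the inventory, ordered for remediation."""
    plan = []
    for v in kev["vulnerabilities"]:
        hosts = inventory.get((v["vendorProject"], v["product"]), [])
        if not hosts:
            continue  # product not deployed here, nothing to do
        info = enrich.get(v["cveID"], {})
        days = (date.fromisoformat(v["dueDate"]) - today).days
        plan.append({"cve": v["cveID"], "hosts": hosts,
                     "action": ACTIONS[info.get("patch")],
                     "cvss": info.get("cvss", 0.0),
                     "days_left": days, "overdue": days < 0})
    # Patchable first (highest CVSS first), then unverified, then mitigate-only.
    order = {"patch": 0, "verify-patch": 1, "mitigate": 2}
    plan.sort(key=lambda p: (order[p["action"]], -p["cvss"], p["cve"]))
    return plan

if __name__ == "__main__":
    print(*triage(KEV, INVENTORY, ENRICH, date(2026, 6, 10)), sep="\n")
```

Entries with `action` set to `mitigate` are the ones that need the compensating controls described for Catalyst SD-WAN Manager until a fix is published.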