CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation

Wednesday, June 10, 2026 at 02:44 PM UTC·Source: The Hacker News

Updated: Wednesday, June 10, 2026 at 04:00 PM UTC

Executive Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows - CVE-2026-20245 (CVSS score: 7.8) - An improper encoding or escaping of output vulnerability in Cisco Catalyst SD-WAN Manager that could allow an

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-20245

NVD MITRE CVE

Source Attribution

Originally published by The Hacker News on Jun 10, 2026.

Related Threats

MEDIUMVulnerabilityNEW

Presidio launches AI governance platform for financial services

Financial institutions are entering a new operating model shaped by AI, automation, and rising expectations for more personalized, efficient, and compliant client experiences.

35m agoFinextra

MEDIUMVulnerability

Duke University Health System; Derick Dermatology Settle Class Action Pixel Lawsuits

Two more healthcare providers have settled lawsuits over their use of website tracking technologies: Duke University Health System and Derick […] The post Duke University Health System; Derick Dermatology Settle Class Action Pixel Lawsuits appeared first on The HIPAA Journal .

3h agoHIPAA Journal

LOWVulnerabilityPOC

Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet

The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft.

3h agoDark Reading