Apr 14, 2026 • The Hacker News
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
Executive Summary
CISA has added six security flaws affecting Fortinet, Microsoft, and Adobe software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Among the vulnerabilities is CVE-2026-21643 (CVSS 9.1), a critical SQL injection flaw in Fortinet FortiClient EMS that could allow remote code execution or unauthorized data access. Organizations using affected products should apply patches immediately and review systems for signs of compromise. Federal agencies have a mandated deadline to remediate these vulnerabilities. The addition of these flaws to the KEV catalog indicates active threat actor interest and ongoing exploitation in the wild.
Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows:
- CVE-2026-21643 (CVSS score: 9.1) - An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an
Linked Entities
- CVE-2026-21643