Apr 14, 2026 • The Hacker News
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
Executive Summary
CISA has added six actively exploited vulnerabilities affecting Fortinet FortiClient EMS, Microsoft, and Adobe software to its Known Exploited Vulnerabilities (KEV) catalog. The key vulnerability, CVE-2026-21643, is a critical SQL injection flaw (CVSS 9.1) in Fortinet FortiClient EMS that could allow unauthenticated attackers to compromise systems. Inclusion in the KEV catalog confirms that these vulnerabilities are being actively exploited in the wild, posing significant risk to affected organizations. Federal agencies are required to remediate these vulnerabilities under BOD 22-01. Organizations using Fortinet, Microsoft, or Adobe products should immediately apply available patches and implement compensating controls to prevent potential breaches.
Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows:
- CVE-2026-21643 (CVSS score: 9.1) - An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to
Linked Entities
- CVE-2026-21643