CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation

2026-06-10

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

CISA added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, affecting Cisco SD-WAN, Chrome V8, and Arista EOS.

•CVE-2026-20245 (CVSS 7.8): Improper encoding in Cisco Catalyst SD-WAN Manager allows authenticated local attackers to execute arbitrary commands as root
•CVE-2026-11645 (CVSS 8.8): Out-of-bounds read/write in Chrome V8 enables remote code execution via crafted HTML pages
•CVE-2026-7473 (CVSS 6.9): Incomplete comparison in Arista EOS causes incorrect tunnel decapsulation processing
•Arista announced no patches planned due to risk of breaking existing configurations, offering ACL-based mitigations instead
•FCEB agencies must apply fixes or mitigations by June 23, 2026

CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit