Vulnerability Research

CISA KEV Catalog Updates & Known Exploited Vulnerabilities — June 2026 Briefing

Published June 7, 2026
Originally reported via CISA Known Exploited Vulnerabilities Catalogue · CISA Binding Operational Directive 22-01

CISA's Known Exploited Vulnerabilities catalogue added 23 new entries between 1 and 10 June 2026, bringing the catalogue total to 1,247 entries. Every KEV entry represents confirmed exploitation in the wild, not a theoretical risk. For enterprise security teams, KEV membership is the single most reliable signal that a vulnerability warrants immediate prioritisation, regardless of CVSS score.

Highest-priority June 2026 additions

The most significant June additions beyond CVE-2026-50751 (Check Point VPN) include: CVE-2026-27198 (Ivanti Connect Secure XML injection, CVSS 9.1) exploited within 48 hours of disclosure; CVE-2026-34362 (MOVEit Transfer SQL injection variant, CVSS 9.8) — a bypass of mitigations applied post-CVE-2023-34362; CVE-2026-2030 (Palo Alto PAN-OS authentication bypass, CVSS 9.3); and CVE-2026-7256 (VMware vCenter Server remote code execution, CVSS 9.8).

Source: CISA Known Exploited Vulnerabilities Catalogue — 10 June 2026

CISA's BOD 22-01 requires all federal civilian executive branch agencies to remediate KEV entries within mandated timelines (typically 2 weeks for standard entries, shorter for critical). Commercial organisations are strongly encouraged to adopt equivalent timelines for internet-exposed assets.

Using KEV effectively in enterprise vulnerability management

The KEV catalogue is most powerful when combined with asset inventory and exposure data. A KEV entry affecting a product not present in your environment requires no action. A KEV entry affecting an internet-exposed asset is a P1 regardless of CVSS score. Organisations that have automated KEV feed ingestion into their vulnerability management platforms consistently outperform those relying on manual review of CISA advisories.

  • Subscribe to the CISA KEV ATOM/JSON feed and ingest it into your vulnerability management platform — manual tracking is too slow.
  • Cross-reference June KEV additions against your asset inventory. Prioritise: CVE-2026-27198 (Ivanti), CVE-2026-34362 (MOVEit), CVE-2026-2030 (Palo Alto), CVE-2026-7256 (VMware).
  • Treat all KEV entries affecting internet-exposed assets as P1 with a 24-hour patch target.
  • Validate that Ivanti Connect Secure appliances have the most recent hotfix applied — Ivanti has had 6 KEV entries in 2026 alone.
  • Review MOVEit Transfer deployments — the SQL injection variant in June bypasses previous mitigations and requires a separate patch.
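
The triage rule described above, as an added example that is not code from CISA or from this post: a parsed KEV JSON feed is joined against an asset inventory, products that are absent are skipped, and internet-exposed matches become P1 with a 24-hour target. The feed sample (including its dates), the inventory fields and hostnames, the exact-name product match, and the P2/`dueDate` handling for internal assets are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sample in the KEV JSON feed's shape; the dates are placeholders.
KEV_FEED = json.loads("""
{"vulnerabilities": [
 {"cveID": "CVE-2026-27198", "vendorProject": "Ivanti", "product": "Connect Secure",
  "dateAdded": "2026-06-02", "dueDate": "2026-06-16"},
 {"cveID": "CVE-2026-34362", "vendorProject": "Progress", "product": "MOVEit Transfer",
  "dateAdded": "2026-06-03", "dueDate": "2026-06-17"},
 {"cveID": "CVE-2026-7256", "vendorProject": "VMware", "product": "vCenter Server",
  "dateAdded": "2026-06-04", "dueDate": "2026-06-18"}
]}
""")

# Constructed asset inventory (hypothetical hostnames and field names).
INVENTORY = [
    {"host": "vpn-gw-01", "product": "ivanti connect secure", "internet_exposed": True},
    {"host": "vcsa-01", "product": "vmware vcenter server", "internet_exposed": False},
    {"host": "mail-01", "product": "postfix", "internet_exposed": True},
]

def triage(feed, inventory, seen_cves, now):
    """Return (tickets, newly_seen) for KEV entries not processed on an earlier poll."""
    tickets, newly_seen = [], set()
    for vuln in feed["vulnerabilities"]:
        cve = vuln["cveID"]
        if cve in seen_cves:
            continue  # already triaged; only new catalogue additions raise tickets
        newly_seen.add(cve)
        # Assumption: inventory names are normalised to "<vendor> <product>".
        key = f'{vuln["vendorProject"]} {vuln["product"]}'.lower()
        for asset in inventory:
            if asset["product"].lower() != key:
                continue  # product not present on this asset: no action
            if asset["internet_exposed"]:
                prio, due = "P1", now + timedelta(hours=24)
            else:
                # Assumption: internal assets follow the feed's own dueDate.
                prio, due = "P2", datetime.strptime(vuln["dueDate"], "%Y-%m-%d")
            tickets.append({"cve": cve, "host": asset["host"],
                            "priority": prio, "due": due})
    return sorted(tickets, key=lambda t: t["due"]), newly_seen
```

Persist the returned `newly_seen` set between polls so each catalogue addition is ticketed once; in production, match on CPE or vendor-normalised identifiers rather than display names.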

Furix's vulnerability prioritisation engine auto-ingests the CISA KEV feed in real time and surfaces affected assets in your environment within minutes of a new catalogue addition.
