CISA Adds One Known Exploited Vulnerability to Catalog

<p>CISA has added&nbsp;one&nbsp;new&nbsp;vulnerability&nbsp;to its&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.&nbsp;</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-3502" target="_blank">CVE-2026-3502</a>&nbsp;TrueConf&nbsp;Client Download of Code Without Integrity Check Vulnerability&nbsp;</li> </ul> <p>This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.&nbsp;</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a>&nbsp;established the KEV&nbsp;Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the&nbsp;<a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf">BOD 22-01 Fact Sheet</a>&nbsp;for more information.&nbsp;</p> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing&nbsp;timely&nbsp;remediation of&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">KEV Catalog vulnerabilities</a>&nbsp;as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities">specified criteria</a>.&nbsp;</p>