CISA adds two vulnerabilities to known exploited catalog

Palo Alto Networks PAN-OS and BerriAI LiteLLM vulnerabilities now require federal agency remediation

TL;DR

  • CISA added CVE-2026-0300 (Palo Alto Networks PAN-OS) and CVE-2026-42208 (BerriAI LiteLLM) to the KEV Catalog
  • Both vulnerabilities show evidence of active exploitation in the wild
  • Federal agencies must remediate by specified deadlines under BOD 22-01

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation.

The additions include CVE-2026-0300, an out-of-bounds write vulnerability in Palo Alto Networks PAN-OS, and CVE-2026-42208, a SQL injection vulnerability in BerriAI LiteLLM.

Active exploitation confirmed

Both vulnerabilities were added to the catalog after CISA confirmed evidence of active exploitation by malicious cyber actors. The KEV Catalog serves as a living list of Common Vulnerabilities and Exposures that pose significant risks to federal networks.

CISA established the catalog under Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch agencies to remediate identified vulnerabilities by specified due dates.

Beyond federal requirements

While BOD 22-01 applies only to federal agencies, CISA strongly urges all organisations to prioritise timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice.

The agency continues to add vulnerabilities to the catalog that meet specified criteria for active exploitation and significant risk.

Why It Matters

KEV additions signal active threat actor interest in these specific vulnerabilities. Organisations using affected Palo Alto Networks PAN-OS systems or BerriAI LiteLLM face immediate operational risk from attackers with working exploits.

For CISOs, KEV listings provide concrete evidence of exploitation to justify emergency patching cycles and board reporting on critical infrastructure protection.

What To Do Now

  • Check if your organisation uses Palo Alto Networks PAN-OS or BerriAI LiteLLM systems
  • Review CISA’s KEV Catalog for complete vulnerability details and remediation deadlines
  • Prioritise these vulnerabilities in your vulnerability management practice as recommended by CISA
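The three steps above amount to a repeatable check: pull the KEV feed, match it against what you actually run, and sort the hits by due date. The script below is an added example for this brief, not CISOBrief's or CISA's code. It parses JSON in the shape of CISA's public KEV feed (the field names are the feed's real ones, and the feed URL in the comment is CISA's), but the feed excerpt, the asset inventory, every date and description, and the third "CVE-0000-0000" record are constructed placeholders; only the two CVE IDs come from the article.

```python
"""Cross-check a CISA KEV feed snapshot against the products you run.

Added example, not CISOBrief's or CISA's code. Parses JSON laid out like
CISA's public KEV feed, matches entries against a constructed inventory and
orders the hits by BOD 22-01 due date. Only the two CVE IDs come from the
article; every date, description and inventory item is a placeholder.
"""
import json
from datetime import date

# Constructed excerpt in the layout of the real feed at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
# Dates and descriptions are placeholders; the third record is an obviously
# fake entry included only to show that non-matching items are dropped.
KEV_FEED_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "placeholder",
    "dateReleased": "2026-01-01T00:00:00.0000Z",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2026-0300", "vendorProject": "Palo Alto Networks", "product": "PAN-OS",
         "vulnerabilityName": "Palo Alto Networks PAN-OS Out-of-Bounds Write Vulnerability",
         "dateAdded": "2026-01-01", "shortDescription": "Placeholder description.",
         "requiredAction": "Placeholder.", "dueDate": "2026-01-22",        # placeholder date
         "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-2026-42208", "vendorProject": "BerriAI", "product": "LiteLLM",
         "vulnerabilityName": "BerriAI LiteLLM SQL Injection Vulnerability",
         "dateAdded": "2026-01-01", "shortDescription": "Placeholder description.",
         "requiredAction": "Placeholder.", "dueDate": "2026-01-08",        # placeholder, already past
         "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-0000-0000", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
         "vulnerabilityName": "Fake record that must not match",            # not a real CVE
         "dateAdded": "2026-01-01", "shortDescription": "Placeholder description.",
         "requiredAction": "Placeholder.", "dueDate": "2026-01-15",
         "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    ],
})

# Constructed inventory: (vendor, product) pairs as an asset register might record them.
INVENTORY = [
    ("palo alto networks", "pan-os"),    # case differs from the feed on purpose
    ("BerriAI", "LiteLLM"),
    ("ExampleVendor", "SomethingElse"),  # same vendor, different product: must not match
]


def _norm(text):
    """Lower-case and collapse whitespace so feed and inventory spellings compare equal."""
    return " ".join(text.lower().split())


def load_kev(feed_text):
    """Parse the feed JSON and return its 'vulnerabilities' list."""
    return json.loads(feed_text)["vulnerabilities"]


def match_inventory(entries, inventory):
    """Return feed entries whose vendor equals an inventory vendor and whose product
    string contains (or is contained in) the inventory product. The loose product
    test is deliberate: KEV product fields are free text and often name several
    products, so an exact comparison would silently miss entries."""
    hits = []
    for entry in entries:
        vendor, product = _norm(entry["vendorProject"]), _norm(entry["product"])
        for inv_vendor, inv_product in inventory:
            iv, ip = _norm(inv_vendor), _norm(inv_product)
            if vendor == iv and (ip in product or product in ip):
                hits.append(entry)
                break
    return hits


def remediation_plan(entries, today_iso):
    """Order matched entries by BOD 22-01 due date; negative daysLeft means overdue."""
    today = date.fromisoformat(today_iso)
    plan = []
    for entry in entries:
        due = date.fromisoformat(entry["dueDate"])
        plan.append({
            "cveID": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "dueDate": entry["dueDate"],
            "daysLeft": (due - today).days,
            "ransomware": entry["knownRansomwareCampaignUse"],
        })
    plan.sort(key=lambda row: row["daysLeft"])
    return plan


def build_report(feed_text=KEV_FEED_SAMPLE, inventory=INVENTORY, today_iso="2026-01-10"):
    """Full pipeline: parse, match, sort. 'today' is fixed so the sample is reproducible."""
    return remediation_plan(match_inventory(load_kev(feed_text), inventory), today_iso)


if __name__ == "__main__":
    for row in build_report():
        left = row["daysLeft"]
        status = f"OVERDUE by {-left} d" if left < 0 else f"{left} d left"
        print(f'{row["cveID"]:16} {row["product"]:28} due {row["dueDate"]}  {status}')
```

Against a live download the only change is replacing `KEV_FEED_SAMPLE` with the feed body and `today_iso` with the current date; the matched rows then carry the real `dueDate` and `requiredAction` values for each CVE, which is the information the second step above asks you to review. The vendor-equals, product-contains rule errs on the side of extra hits, which is the right failure mode for a triage list: a false negative here is an unpatched, actively exploited system.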
