The U.S. Cybersecurity and Infrastructure Security Agency has identified six security vulnerabilities being actively exploited in the wild, adding them to its official catalog of known exploited flaws. The newly cataloged vulnerabilities span multiple enterprise software platforms, affecting organizations across various industries.
Among the threats is CVE-2026-21643, which carries a critical severity score of 9.1. This SQL injection vulnerability exists in Fortinet FortiClient EMS and could enable unauthenticated attackers to compromise affected systems. The flaw represents a significant risk to organizations relying on Fortinet's endpoint management solutions for security operations.
The additions to CISA's Known Exploited Vulnerabilities catalog underscore the ongoing threat landscape organizations face. By maintaining this public list, CISA provides visibility into threats that adversaries are actively leveraging, helping security teams prioritize patching efforts based on real-world exploitation data rather than theoretical risk assessments.
Organizations running affected software are strongly advised to review their systems and apply available security patches immediately. The inclusion of these vulnerabilities in CISA's catalog typically indicates that exploitation is occurring in operational environments, making remediation urgent rather than routine.
This latest batch of additions reflects the agency's continued monitoring of threat activity and vulnerability exploitation trends. Security teams should consult the complete KEV catalog for comprehensive details on all identified flaws, including affected product versions and available remediation guidance. Prioritizing patches for vulnerabilities with active exploitation evidence can significantly reduce organizational risk and prevent potential breaches.