CISA Adds Cisco, Chrome V8 and Arista Vulnerabilities to KEV

Colleagues, a heads-up in cybersecurity: CISA has added three vulnerabilities to KEV following reports of exploitation.
Highlights:
• CVE-2026-20245 (Cisco): improper escaping in Catalyst SD‑WAN Manager — a locally authenticated attacker may execute commands as root.
• CVE-2026-11645 (Chrome V8): out-of-bounds read/write — potential sandbox escape via a malicious page.
• CVE-2026-7473 (Arista EOS): improper tunnel validation — device may decapsulate unintended traffic; exploitation observed, no patch forthcoming, ACLs recommended.
Why it matters: active exploitation and lack of a patch for Arista necessitate urgent checks and traffic restrictions.
Have you audited your gear and applied the recommendations?
#cybersecurity #vulnerabilities #networking #infosec


Latest comments
No comments yet.