{"id":587,"date":"2026-04-14T07:48:49","date_gmt":"2026-04-14T07:48:49","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=587"},"modified":"2026-04-14T07:48:49","modified_gmt":"2026-04-14T07:48:49","slug":"cisa-adds-6-known-exploited-flaws-in-fortinet-microsoft-and-adobe-software","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=587","title":{"rendered":"CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Apr 14, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Network Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhkkewWzrjyqzejet7cyCWdTUMfgjGZgkDpis6rUlh7qnyPpmcN1k_vVdKvziAZq2cOkFQDrJNM8E6WE8Cl7oPNdq94MOXJLa0nkbEmAFCB_MnjLQzTy-WjHGa6yuLhm7dPzuW3YEQeFIfOT1Tr25NgALeTL6vFDhzmJrCRMLL0GBpOhkwQm_Zirk_9aNjr\/s1700-e365\/warning.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on\u00a0Monday <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/04\/13\/cisa-adds-seven-known-exploited-vulnerabilities-catalog\">added<\/a> half a dozen security flaws to its Known Exploited Vulnerabilities\u00a0(<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">KEV<\/a>) catalog, citing evidence of active exploitation.<\/p>\n<p>The list of vulnerabilities is as follows\u00a0&#8211;<\/p>\n<ul>\n<li><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-21643\">CVE-2026-21643<\/a><\/strong> (CVSS score: 9.1) &#8211; An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.<\/li>\n<li><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2020-9715\">CVE-2020-9715<\/a><\/strong> (CVSS score: 7.8) &#8211; A use-after-free vulnerability in Adobe Acrobat Reader that could result in remote code execution.<\/li>\n<li><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-36424\">CVE-2023-36424<\/a><\/strong> (CVSS score: 7.8) &#8211; An out-of-bounds read vulnerability in Microsoft Windows Common Log File System Driver that could result in privilege escalation.<\/li>\n<li><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-21529\">CVE-2023-21529<\/a><\/strong> (CVSS score: 8.8) &#8211; A deserialization of untrusted data vulnerability in Microsoft Exchange Server that could allow an authenticated attacker to achieve remote code execution.<\/li>\n<li><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-60710\">CVE-2025-60710<\/a><\/strong> (CVSS score: 7.8) &#8211; An improper link resolution before file access vulnerability in Host Process for Windows Tasks that could allow an authorized attacker to <a 
href=\"https:\/\/www.vicarius.io\/vsociety\/posts\/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks\">elevate privileges locally<\/a>.<\/li>\n<li><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2012-1854\">CVE-2012-1854<\/a><\/strong> (CVSS score: 7.8) &#8211; An insecure library loading vulnerability in Microsoft Visual Basic for Applications (VBA) that could result in remote code execution.<\/li>\n<\/ul>\n<p>The addition of CVE-2026-21643 to the KEV catalog comes after Defused\u00a0Cyber said it detected exploitation attempts targeting the flaw since March 24, 2026. Last\u00a0week,\u00a0Microsoft revealed that a threat actor it tracks as Storm-1175 has been weaponizing CVE-2023-21529 in attacks to deliver Medusa ransomware.<\/p>\n<p>As for CVE-2012-1854, the Windows\u00a0maker <a href=\"https:\/\/learn.microsoft.com\/en-us\/security-updates\/securitybulletins\/2012\/ms12-046\">acknowledged<\/a>\u00a0in an advisory released\u00a0in July 2012\u00a0that it&#8217;s aware of &#8220;limited, targeted attacks&#8221; attempting\u00a0to abuse the vulnerability. The exact nature of the attacks is presently\u00a0unknown.<\/p>\n<p>There are currently no public reports referencing the exploitation of the remaining three vulnerabilities. 
In\u00a0light of active attacks, Federal Civilian Executive Branch (FCEB)\u00a0agencies are\u00a0required to apply the fixes by April 27,\u00a02026.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Apr 14, 2026Vulnerability \/ Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on\u00a0Monday added half a dozen security flaws to its Known Exploited Vulnerabilities\u00a0(KEV) catalog, citing evidence&hellip;<\/p>\n","protected":false},"author":1,"featured_media":588,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[200,1135,62,128,11,1075,147,588],"class_list":["post-587","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-adds","tag-adobe","tag-cisa","tag-exploited","tag-flaws","tag-fortinet","tag-microsoft","tag-software"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=587"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/587\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/588"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=587"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?res
t_route=%2Fwp%2Fv2%2Fcategories&post=587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}