The Cybersecurity and Infrastructure Security Agency has officially added two new vulnerabilities to its Known Exploited Vulnerabilities catalog. This update follows confirmed reports that these security flaws are currently being leveraged by malicious actors in active cyberattacks. The agency maintains this catalog to track vulnerabilities that pose significant risks to the federal enterprise and require immediate attention from system administrators.
The newly listed vulnerabilities include CVE-2023-4346, which affects the KNX Association KNX Protocol Connection Authorization, and CVE-2026-46817, which impacts Oracle E-Business Suite. The KNX vulnerability involves an overly restrictive account lockout mechanism, while the Oracle flaw relates to improper privilege management. Both issues represent common attack vectors that can grant unauthorized access or control if left unpatched on exposed systems.
Under the requirements of Binding Operational Directive 26-04, Federal Civilian Executive Branch agencies are mandated to prioritize the remediation of these specific vulnerabilities. The directive emphasizes the need for rapid patching on any publicly exposed assets that could allow an attacker to gain total control of the system post-exploitation. Agencies are also expected to conduct thorough checks to determine if any compromise occurred prior to the application of security updates.
While the binding directive applies specifically to federal agencies, the agency strongly encourages all private and public sector organizations to adopt similar risk-based vulnerability management practices. By prioritizing the remediation of vulnerabilities listed in the catalog, organizations can better defend their networks against known threats. The agency continues to monitor the landscape for additional vulnerabilities that meet the criteria for inclusion in the catalog.
Organizations that identify other exploited vulnerabilities not currently listed in the catalog are encouraged to submit them through the official nomination form. To be considered for addition, a vulnerability must possess a valid CVE ID, provide clear evidence of active exploitation, and include documented mitigation guidance. This collaborative approach helps maintain the relevance and effectiveness of the catalog as a resource for the broader cybersecurity community.