VYPR
Vypr Intelligence · AI-generated · May 21, 2026 · 1 CVE

WordPress CVE-2026-48172 Added to CISA KEV Under Active Exploitation

CISA added a WordPress vulnerability tracked as CVE-2026-48172 to its Known Exploited Vulnerabilities catalog on May 26, 2026, confirming that attackers are actively exploiting the flaw in the wild.

Key findings

  • CISA added WordPress CVE-2026-48172 to the KEV catalog on May 26, 2026, confirming active exploitation in the wild.
  • WordPress powers over 40% of all websites, amplifying the impact of any actively exploited vulnerability.
  • Federal agencies must remediate under BOD 22-01 timelines; all WordPress administrators should patch immediately.
  • No ransomware campaigns have been associated with CVE-2026-48172 at this time.
  • Administrators should audit installations for signs of compromise and verify patches are applied.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a WordPress vulnerability, tracked as CVE-2026-48172, to its Known Exploited Vulnerabilities (KEV) catalog on May 26, 2026. The addition confirms that threat actors are actively exploiting this flaw in the wild, elevating it from a theoretical risk to an immediate concern for WordPress site administrators worldwide.

WordPress powers over 40 percent of all websites on the internet, making any actively exploited vulnerability in the platform a significant threat to the broader web ecosystem. CISA's KEV catalog, maintained under Binding Operational Directive (BOD) 22-01, serves as the authoritative list of vulnerabilities that have been weaponized by attackers. Inclusion in this catalog triggers mandatory remediation timelines for federal civilian executive branch agencies and serves as an urgent signal for private-sector organizations to prioritize patching.

CVE-2026-48172 is a vulnerability in the WordPress content management system. While technical details remain limited at this stage, its addition to the KEV catalog indicates that exploitation has been observed in real-world attacks. Security researchers and WordPress site administrators should monitor the official WordPress security advisories and the National Vulnerability Database for updated technical information, including affected versions and available patches.

Defenders should treat this KEV addition as a high-priority event. Federal agencies must remediate the vulnerability within the timeframe mandated by BOD 22-01. All organizations running WordPress are strongly advised to apply the latest security updates immediately, verify that automatic updates are enabled where feasible, and audit their WordPress installations for signs of compromise. Organizations using managed WordPress hosting should confirm with their providers that patches have been applied. No ransomware campaigns have been associated with this CVE at the time of writing.

AI-written article. Grounded in 1 CVE record listed below.