CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA added three vulnerabilities to its KEV catalog, including two supply-chain flaws in Daemon Tools Lite and Nx Console, and one in TanStack.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The additions include CVE-2026-8398 in Daemon Tools Lite, CVE-2026-45321 in TanStack, and CVE-2026-48027 in Nx Console. These flaws are being actively used by malicious actors, posing significant risk to federal networks and the broader IT ecosystem.
The added vulnerabilities differ in nature. CVE-2026-8398 involves embedded malicious code in Daemon Tools Lite, a popular disk imaging utility. CVE-2026-48027 similarly involves embedded malicious code in Nx Console, a development tool for the Nx build system. CVE-2026-45321 is an unspecified vulnerability in TanStack, a web development framework. The inclusion of supply-chain-style attacks highlights a growing trend of threat actors targeting software dependencies.
Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate these vulnerabilities by the specified due date. The directive mandates that agencies patch or mitigate all KEV-listed flaws within a set timeframe to protect against active threats. CISA strongly urges all organizations, not just federal agencies, to prioritize patching these vulnerabilities as part of their vulnerability management practices.
The KEV Catalog serves as a living list of known exploited CVEs that carry significant risk. CISA continues to add vulnerabilities that meet its criteria, which include active exploitation and clear remediation steps. Organizations are advised to consult the catalog regularly and apply patches promptly to reduce exposure to cyberattacks.
This addition follows a pattern of CISA actively expanding the KEV catalog to include vulnerabilities from various vendors. The agency has been increasingly focused on supply-chain security, as evidenced by the inclusion of embedded malicious code vulnerabilities. CISA's actions underscore the importance of timely patching and the need for organizations to maintain robust vulnerability management programs.
For more details, see the CISA alert.