VYPR
kevPublished Jul 10, 2026· 1 source

CISA Adds Two Exploited Vulnerabilities in iCagenda and Balbooa Forms to KEV Catalog

CISA has added CVE-2026-48939 and CVE-2026-56291 to its Known Exploited Vulnerabilities Catalog, citing active exploitation of file upload flaws.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, signaling that these flaws are actively being exploited in the wild. The newly cataloged vulnerabilities are CVE-2026-48939, affecting iCagenda, and CVE-2026-56291, impacting Balbooa Forms.

Both vulnerabilities are characterized as "Unrestricted Upload of File with Dangerous Type." This class of vulnerability is a common and potent attack vector, allowing malicious actors to upload and execute arbitrary files on a target system. Such capabilities can lead to a complete compromise of the affected application and potentially the underlying infrastructure, enabling attackers to steal data, deploy ransomware, or establish persistent access.

The inclusion of these vulnerabilities in the KEV Catalog directly relates to CISA's Binding Operational Directive (BOD) 26-04, which mandates that Federal Civilian Executive Branch (FCEB) agencies prioritize the remediation of high-risk vulnerabilities. Specifically, BOD 26-04 emphasizes the critical nature of vulnerabilities listed in the KEV Catalog that, upon exploitation, grant total control of an asset, especially those exposed to the internet.

Federal agencies are required to manage their vulnerability remediation efforts based on risk, with a strong emphasis on addressing KEV-listed vulnerabilities on publicly exposed assets promptly. The directive also outlines expectations for agencies to detect whether systems were compromised before a patch was applied, underscoring the need for robust incident response and forensic capabilities.

While BOD 26-04 specifically targets FCEB agencies, CISA strongly encourages all organizations, including those in the private sector, to adopt a similar risk-based approach to vulnerability management. Prioritizing the patching of vulnerabilities identified in the KEV Catalog is a crucial step in bolstering an organization's overall security posture and reducing its attack surface.

CISA continues to monitor the threat landscape and will regularly update the KEV Catalog with new vulnerabilities that meet its criteria for active exploitation and significant risk. Organizations are urged to stay informed about new additions to the catalog and to ensure their systems are patched accordingly.

For those who discover evidence of exploited vulnerabilities not yet listed in the KEV Catalog, CISA provides a nomination form. To be considered for inclusion, a vulnerability must have a confirmed CVE ID, demonstrable evidence of exploitation, and clear guidance on how to mitigate or remediate it.

Synthesized by Vypr AI