CISA Adds Six Critical Vulnerabilities from Fortinet, Microsoft, Adobe to Exploited List

CISA Identifies Six Actively Exploited Vulnerabilities in Fortinet, Microsoft, and Adobe Products

On April 14, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog by adding six security flaws in products from Fortinet, Microsoft, and Adobe. All six are under active exploitation, posing significant risk to organizations running the affected products.

Detailed Overview of the Vulnerabilities:

1. CVE-2026-21643 (CVSS Score: 9.1)
– Product Affected: Fortinet FortiClient EMS
– Nature of Vulnerability: An SQL injection flaw that allows unauthenticated attackers to execute unauthorized code or commands by sending specially crafted HTTP requests.
– Exploitation Evidence: Defused Cyber reported detecting exploitation attempts targeting this vulnerability since March 24, 2026.

2. CVE-2020-9715 (CVSS Score: 7.8)
– Product Affected: Adobe Acrobat Reader
– Nature of Vulnerability: A use-after-free vulnerability that could lead to remote code execution.
– Exploitation Evidence: While specific details are limited, its inclusion in the KEV catalog indicates active exploitation.

3. CVE-2023-36424 (CVSS Score: 7.8)
– Product Affected: Microsoft Windows Common Log File System Driver
– Nature of Vulnerability: An out-of-bounds read vulnerability that could result in privilege escalation.
– Exploitation Evidence: No public reports detail the exploitation, but its presence in the KEV catalog indicates active attacks.

4. CVE-2023-21529 (CVSS Score: 8.8)
– Product Affected: Microsoft Exchange Server
– Nature of Vulnerability: A deserialization of untrusted data issue that could allow an authenticated attacker to achieve remote code execution.
– Exploitation Evidence: Microsoft disclosed that a threat actor, identified as Storm-1175, has been exploiting this vulnerability to deploy Medusa ransomware.

5. CVE-2025-60710 (CVSS Score: 7.8)
– Product Affected: Host Process for Windows Tasks
– Nature of Vulnerability: An improper link resolution before file access vulnerability that could enable an authorized attacker to elevate privileges locally.
– Exploitation Evidence: Specific exploitation details are not publicly available, but active exploitation is implied by its KEV catalog inclusion.

6. CVE-2012-1854 (CVSS Score: 7.8)
– Product Affected: Microsoft Visual Basic for Applications (VBA)
– Nature of Vulnerability: An insecure library loading vulnerability that could result in remote code execution.
– Exploitation Evidence: Microsoft acknowledged limited, targeted attacks exploiting this vulnerability as early as July 2012.

Implications and Recommendations:

The active exploitation of these vulnerabilities underscores the persistent threats facing organizations. Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary patches by April 27, 2026, with an earlier deadline of April 16, 2026, for the FortiClient EMS vulnerability.

Organizations are urged to:

– Prioritize Patch Management: Ensure all systems are updated with the latest security patches to mitigate these vulnerabilities.

– Enhance Monitoring: Implement robust monitoring to detect and respond to potential exploitation attempts promptly.

– Educate Personnel: Conduct regular training sessions to raise awareness about security best practices and the importance of timely updates.

By proactively addressing these vulnerabilities, organizations can significantly reduce the risk of cyberattacks and safeguard their critical assets.