CVE-2026-45498 — Microsoft Defender — Microsoft Defender Denial of Service Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-03
CVE-2026-41091 — Microsoft Defender — Microsoft Defender Link Following Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-03
CVE-2010-0806 — Microsoft Internet Explorer — Microsoft Internet Explorer Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-03
CVE-2009-3459 — Adobe Acrobat and Reader — Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-03
CVE-2009-1537 — Microsoft DirectX — Microsoft DirectX NULL Byte Overwrite Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-03
CVE-2008-4250 — Microsoft Windows — Microsoft Windows Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-03
CVE-2026-42897 — Microsoft Exchange Server — Microsoft Exchange Server Cross-Site Scripting Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-29
CVE-2026-20182 — Cisco Catalyst SD-WAN — Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2026-05-17
CVE-2026-42208 — BerriAI LiteLLM — BerriAI LiteLLM SQL Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-11
CVE-2026-6973 — Ivanti Endpoint Manager Mobile (EPMM) — Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-10
CVE-2026-0300 — Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented:
- Restrict User-ID Authentication Portal access to only trusted zones.
- Disable User-ID Authentication Portal if not required.
Due: 2026-05-09
CVE-2026-31431 — Linux Kernel — Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-15
CVE-2026-41940 — WebPros cPanel & WHM and WP2 (WordPress Squared) — WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-03
CVE-2026-32202 — Microsoft Windows — Microsoft Windows Protection Mechanism Failure Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-12
CVE-2024-1708 — ConnectWise ScreenConnect — ConnectWise ScreenConnect Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-12
CVE-2024-57726 — SimpleHelp SimpleHelp — SimpleHelp Missing Authorization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-08
CVE-2024-57728 — SimpleHelp SimpleHelp — SimpleHelp Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-08
CVE-2024-7399 — Samsung MagicINFO 9 Server — Samsung MagicINFO 9 Server Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-08
CVE-2025-29635 — D-Link DIR-823X — D-Link DIR-823X Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-08
CVE-2026-39987 — Marimo Marimo — Marimo Remote Code Execution Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-07
CVE-2026-33825 — Microsoft Defender — Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-06
CVE-2024-27199 — JetBrains TeamCity — JetBrains TeamCity Relative Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-04
CVE-2025-32975 — Quest KACE Systems Management Appliance (SMA) — Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-04
CVE-2026-20128 — Cisco Catalyst SD-WAN Manager — Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2026-04-23
