{"id":233594,"date":"2026-04-14T01:39:00","date_gmt":"2026-04-14T05:39:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/14\/cisa-adds-6-known-exploited-flaws-in-fortinet-microsoft-and-adobe-software\/"},"modified":"2026-04-20T20:20:09","modified_gmt":"2026-04-21T00:20:09","slug":"cisa-adds-6-known-exploited-flaws-in-fortinet-microsoft-and-adobe-software","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/14\/cisa-adds-6-known-exploited-flaws-in-fortinet-microsoft-and-adobe-software\/","title":{"rendered":"CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/cisa-adds-6-known-exploited-flaws-in.html\">CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/cisa-adds-6-known-exploited-flaws-in.html\">https:\/\/thehackernews.com\/2026\/04\/cisa-adds-6-known-exploited-flaws-in.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-14 01:39:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Apr 14, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Network Security<\/span><\/p>\n<p>The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on\u00a0Monday added half a dozen security flaws to its Known Exploited Vulnerabilities\u00a0(KEV) catalog, citing evidence of active exploitation.<\/p>\n<p>The list of vulnerabilities is as follows\u00a0&#8211;<\/p>\n<ul>\n<li><strong>CVE-2026-21643<\/strong> (CVSS score: 9.1) &#8211; An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.<\/li>\n<li><strong>CVE-2020-9715<\/strong> (CVSS score: 7.8) &#8211; A use-after-free vulnerability in Adobe Acrobat Reader that could result in remote code execution.<\/li>\n<li><strong>CVE-2023-36424<\/strong> (CVSS score: 7.8) &#8211; An out-of-bounds read vulnerability in Microsoft Windows Common Log File System Driver that could result in privilege escalation.<\/li>\n<li><strong>CVE-2023-21529<\/strong> (CVSS score: 8.8) &#8211; A deserialization of untrusted data in Microsoft Exchange Server that could allow an authenticated attacker to achieve remote code execution.<\/li>\n<li><strong>CVE-2025-60710<\/strong> (CVSS score: 7.8) &#8211; An improper link resolution before file access vulnerability in Host Process for Windows Tasks that could allow an authorized attacker to elevate privileges locally.<\/li>\n<li><strong>CVE-2012-1854<\/strong> (CVSS score: 7.8) &#8211; An insecure library loading vulnerability in Microsoft Visual Basic for Applications (VBA) that could result in remote code execution.<\/li>\n<\/ul>\n<p>The addition of CVE-2026-21643 to the KEV catalog comes after Defused\u00a0Cyber said it detected exploitation attempts targeting the flaw since March 24, 2026. 
Last\u00a0week,\u00a0Microsoft revealed that a threat actor it tracks as Storm-1175 has been weaponizing CVE-2023-21529 in attacks to deliver Medusa ransomware.<\/p>\n<p>As for CVE-2012-1854, the Windows\u00a0maker acknowledged\u00a0in an advisory released\u00a0in July 2012\u00a0that it&#8217;s aware of &#8220;limited, targeted attacks&#8221; attempting\u00a0to abuse the vulnerability. The exact nature of the attacks is presently\u00a0unknown.<\/p>\n<p>There are currently no public reports referencing the&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/cisa-adds-6-known-exploited-flaws-in.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software https:\/\/thehackernews.com\/2026\/04\/cisa-adds-6-known-exploited-flaws-in.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":233595,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhkkewWzrjyqzejet7cyCWdTUMfgjGZgkDpis6rUlh7qnyPpmcN1k_vVdKvziAZq2cOkFQDrJNM8E6WE8Cl7oPNdq94MOXJLa0nkbEmAFCB_MnjLQzTy-WjHGa6yuLhm7dPzuW3YEQeFIfOT1Tr25NgALeTL6vFDhzmJrCRMLL0GBpOhkwQm_Zirk_9aNjr\/s1600\/warning.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,29,34,27],"class_list":["post-233594","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-network-security","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233594"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}]
,"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=233594"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233594\/revisions"}],"predecessor-version":[{"id":233596,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233594\/revisions\/233596"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/233595"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=233594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=233594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=233594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}