
CISA adds critical Microsoft Office, Linux Kernel, and SmarterMail vulnerabilities to KEV catalog


As outlined in Security Affairs, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog, adding several critical flaws affecting widely used software including Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and the Linux Kernel.

The newly added vulnerabilities include an integer overflow in the Linux Kernel (CVE-2018-14634) that allows privilege escalation; a security feature bypass in Microsoft Office (CVE-2026-21509) that is actively exploited in the wild; an argument injection flaw in the GNU InetUtils telnet daemon (CVE-2026-24061) with a CVSS score of 9.8; and two critical SmarterTools SmarterMail vulnerabilities (CVE-2025-52691 and CVE-2026-23760) enabling unauthenticated remote code execution via arbitrary file upload. These flaws, discovered between 2018 and 2025, pose significant risks to systems running vulnerable versions of these applications.

Their inclusion in CISA's KEV catalog requires federal agencies to address them by February 16, 2026, under Binding Operational Directive 22-01.

Source: Security Affairs
