CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six security flaws to its Known Exploited Vulnerabilities catalog on April 14, 2026, citing active exploitation. The flaws affect Fortinet FortiClient EMS, Adobe Acrobat Reader, Microsoft Windows, Exchange Server, and VBA, with CVSS scores ranging from 7.8 to 9.1. Federal agencies must patch the flaws by April 27, 2026, with FortiClient EMS vulnerabilities requiring remediation by April 16, 2026.

Full text

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software Ravie LakshmananApr 14, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 (CVSS score: 9.1) - An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. CVE-2020-9715 (CVSS score: 7.8) - A use-after-free vulnerability in Adobe Acrobat Reader that could result in remote code execution. CVE-2023-36424 (CVSS score: 7.8) - An out-of-bounds read vulnerability in Microsoft Windows Common Log File System Driver that could result in privilege escalation. CVE-2023-21529 (CVSS score: 8.8) - A deserialization of untrusted data in Microsoft Exchange Server that could allow an authenticated attacker to achieve remote code execution. CVE-2025-60710 (CVSS score: 7.8) - An improper link resolution before file access vulnerability in Host Process for Windows Tasks that could allow an authorized attacker to elevate privileges locally. CVE-2012-1854 (CVSS score: 7.8) - An insecure library loading vulnerability in Microsoft Visual Basic for Applications (VBA) that could result in remote code execution. The addition of CVE-2026-21643 to the KEV catalog comes after Defused Cyber said it detected exploitation attempts targeting the flaw since March 24, 2026. Last week, Microsoft revealed that a threat actor it tracks as Storm-1175 has been weaponizing CVE-2023-21529 in attacks to deliver Medusa ransomware. As for CVE-2012-1854, the Windows makeracknowledged in an advisory released in July 2012 that it's aware of "limited, targeted attacks" attempting to abuse the vulnerability. The exact nature of the attacks is presently unknown. There are currently no public reports referencing the exploitation of the remaining three vulnerabilities. In light of active attacks, Federal Civilian Executive Branch (FCEB) agencies are required to apply the fixes by April 27, 2026. Patches for the FortiClient EMS vulnerability should be implemented by April 16, 2026. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  Adobe, CISA, cybersecurity, Fortinet, Microsoft, network security, Patch Management, ransomware, Threat Intelligence, vulnerability management Trending News Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS Block the Prompt, Not the Work: The End of "Doctor No" BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks ⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems AI Will Change Cybersecurity. Humans Will Define Its Success. A Lesson No Algorithm Can Teach The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority Popular Resources Learn How to Block Breached Passwords in Active Directory Before Attacks Get Full Visibility into Vendor and Internal Risk in One Platform [Guide] Get Practical Steps to Govern AI Agents with Runtime Controls Secure Your AI Systems Across the Full Lifecycle of Risks

Indicators of Compromise

• cve — CVE-2026-21643
• cve — CVE-2020-9715
• cve — CVE-2023-36424
• cve — CVE-2023-21529
• cve — CVE-2025-60710
• cve — CVE-2012-1854

Entities