CISA recently expanded its Known Exploited Vulnerabilities catalog to include two critical flaws affecting products from Hikvision and Rockwell Automation. Because these vulnerabilities are being actively targeted by attackers, federal agencies must update their systems by March 26, 2026, to prevent unauthorized access or system manipulation.
The Cybersecurity and Infrastructure Security Agency has officially recognized two high-stakes security vulnerabilities as being actively exploited in the wild. These flaws affect a wide range of devices, specifically Hikvision cameras and Rockwell Automation industrial control systems. By placing them on the Known Exploited Vulnerabilities list, the agency signals that these are no longer theoretical risks but are currently being used by malicious actors to compromise systems.
The first vulnerability, identified as CVE-2017-7921, involves an authentication failure in Hikvision products that allows attackers to escalate their privileges and access sensitive data. Despite its age, recent data from the SANS Internet Storm Center confirms that hackers are still actively hunting for unpatched cameras. The second flaw, CVE-2021-22681, targets Rockwell Automation software and controllers used in critical infrastructure. This bug allows unauthorized users to bypass verification and remotely alter configuration or application code.
Both vulnerabilities carry a critical severity rating, reflecting the ease with which they can be exploited and the potential damage they can cause. In the case of the Rockwell Automation flaw, an attacker with network access could essentially take control of industrial hardware, which poses a significant threat to operational technology environments. While public reports of specific attacks on the Rockwell flaw are less common than those on Hikvision, CISA's inclusion of it in the catalog indicates that the agency has confirmed evidence of malicious activity.
Under Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies are now legally required to remediate these specific risks. The government has set a deadline of late March 2026 for these agencies to transition to the latest supported software versions. This mandate is part of a broader federal push to close the window of opportunity for cybercriminals who frequently use these types of well-known flaws as entry points into larger networks.
While the formal requirement to patch only applies to federal agencies, CISA is urging private sector organizations and local governments to follow suit immediately. The agency emphasizes that these vulnerabilities are common vectors for cyberattacks across all sectors. By prioritizing the remediation of these specific cataloged flaws, organizations can significantly reduce their overall exposure to cyber threats and strengthen their internal security posture against active exploits.