The Cybersecurity and Infrastructure Security Agency has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog based on confirmed evidence of active exploitation in real-world attacks. The additions include CVE-2025-67038 affecting Lantronix EDS5000 devices (a code injection vulnerability), and three flaws in Ubiquiti UniFi OS: CVE-2026-34908 (improper access control), CVE-2026-34909 (path traversal), and CVE-2026-34910 (improper input validation).
These vulnerability types represent common attack vectors that malicious actors frequently exploit to compromise systems. The KEV Catalog serves as CISA's authoritative list of security flaws known to be actively exploited, helping organizations prioritize their patching efforts based on real threat activity rather than theoretical risk scores alone.
The technical nature of these vulnerabilities allows attackers to inject malicious code, bypass access controls, traverse file systems to access restricted data, and exploit improper input handling. When successfully exploited on publicly exposed assets, these flaws can grant attackers total control of affected systems, making them particularly dangerous for organizations with internet-facing infrastructure running the vulnerable products.
Binding Operational Directive 26-04 mandates that Federal Civilian Executive Branch agencies prioritize rapid remediation of KEV Catalog vulnerabilities on publicly exposed assets, particularly those that grant complete system control post-exploitation. The directive also requires agencies to investigate whether threat actors compromised systems before patches were applied, establishing clear expectations for incident response timelines.
Organizations should immediately identify any Lantronix EDS5000 or Ubiquiti UniFi OS deployments in their environments and apply the available security updates. CISA recommends that all organizations, not just federal agencies, adopt risk-based vulnerability management practices that prioritize KEV Catalog entries. Security teams can submit newly discovered exploited vulnerabilities through CISA's KEV Nomination Form, provided the submission includes a CVE identifier, evidence of exploitation, and clear mitigation guidance.
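The KEV-driven prioritization the alert recommends (identify affected deployments, patch exposed assets first, and review exposed assets for compromise before the patch landed) can be turned into a repeatable check. The script below is an added example and is not code from CISA or the alert. It reads a KEV-style feed and an asset inventory, both constructed here for illustration: the field names follow the layout of CISA's published KEV JSON (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`), the CVE identifiers, vendors and products are those named in the alert, and every date, due date, asset name and inventory flag is a placeholder rather than a real catalog or inventory value.

```python
"""
Cross-reference an asset inventory against a KEV-style feed and emit a
remediation priority list. Added example, not CISA's tooling.
"""
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON "vulnerabilities" array.
# CVE IDs, vendors and products come from the alert; dates and dueDate values
# are placeholders, not real catalog entries.
KEV_FEED = {
    "vulnerabilities": [
        {"cveID": "CVE-2025-67038", "vendorProject": "Lantronix", "product": "EDS5000",
         "vulnerabilityName": "Lantronix EDS5000 Code Injection Vulnerability",
         "dateAdded": "2026-06-23", "dueDate": "2026-07-14"},
        {"cveID": "CVE-2026-34908", "vendorProject": "Ubiquiti", "product": "UniFi OS",
         "vulnerabilityName": "Ubiquiti UniFi OS Improper Access Control Vulnerability",
         "dateAdded": "2026-06-23", "dueDate": "2026-07-14"},
        {"cveID": "CVE-2026-34909", "vendorProject": "Ubiquiti", "product": "UniFi OS",
         "vulnerabilityName": "Ubiquiti UniFi OS Path Traversal Vulnerability",
         "dateAdded": "2026-06-23", "dueDate": "2026-07-14"},
        {"cveID": "CVE-2026-34910", "vendorProject": "Ubiquiti", "product": "UniFi OS",
         "vulnerabilityName": "Ubiquiti UniFi OS Improper Input Validation Vulnerability",
         "dateAdded": "2026-06-23", "dueDate": "2026-07-14"},
    ]
}

# Hypothetical inventory: which products run where, whether each asset is
# reachable from the internet, and whether the fix is already applied.
INVENTORY = [
    {"asset": "eds5000-serial-gw-01", "vendor": "Lantronix", "product": "EDS5000",
     "internet_facing": True, "patched": False},
    {"asset": "unifi-console-hq", "vendor": "Ubiquiti", "product": "UniFi OS",
     "internet_facing": False, "patched": False},
    {"asset": "unifi-console-branch", "vendor": "ubiquiti", "product": "unifi os",
     "internet_facing": True, "patched": True},
    {"asset": "web-proxy-02", "vendor": "Acme", "product": "ProxyServer",
     "internet_facing": True, "patched": False},
]


def _key(vendor, product):
    """Normalise vendor/product so inventory spelling differences still match."""
    return (vendor.strip().lower(), product.strip().lower())


def index_feed(feed):
    """Map (vendor, product) -> KEV entries so each asset is a single lookup."""
    idx = {}
    for entry in feed["vulnerabilities"]:
        idx.setdefault(_key(entry["vendorProject"], entry["product"]), []).append(entry)
    return idx


def prioritize(inventory, feed, today_iso):
    """Return findings sorted by tier (1 = exposed and unpatched), then due date.

    Tier 1: internet-facing and unpatched -> patch now.
    Tier 2: internal and unpatched        -> patch within the due date.
    Tier 3: already patched               -> confirm the fix is really in place.
    Any internet-facing match is also flagged for a compromise review, since
    the asset may have been exploited before the patch was applied.
    """
    today = date.fromisoformat(today_iso)
    idx = index_feed(feed)
    findings = []
    for asset in inventory:
        for entry in idx.get(_key(asset["vendor"], asset["product"]), []):
            exposed = asset["internet_facing"]
            if asset["patched"]:
                tier, action = 3, "confirm-patched"
            elif exposed:
                tier, action = 1, "patch-now"
            else:
                tier, action = 2, "patch"
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "asset": asset["asset"],
                "cveID": entry["cveID"],
                "tier": tier,
                "action": action,
                "due": entry["dueDate"],
                "days_until_due": (due - today).days,
                "review_for_compromise": exposed,
            })
    findings.sort(key=lambda f: (f["tier"], f["due"], f["asset"], f["cveID"]))
    return findings


if __name__ == "__main__":
    for f in prioritize(INVENTORY, KEV_FEED, "2026-06-24"):
        flag = " REVIEW-FOR-COMPROMISE" if f["review_for_compromise"] else ""
        print(f"T{f['tier']} {f['action']:16} {f['asset']:22} {f['cveID']} "
              f"due {f['due']} ({f['days_until_due']}d){flag}")
```

In practice the feed would be the downloaded KEV JSON and the inventory would come from the CMDB or an asset-discovery tool; the matching logic and tiering stay the same. The tiering mirrors the alert's emphasis: publicly exposed assets first, and a compromise review for anything that was reachable while vulnerable.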
Source: https://www.cisa.gov/news-events/alerts/2026/06/23/cisa-adds-four-known-exploited-vulnerabilities-catalog