The Hacker News ·EN News source Exploited in the wildCisco Catalyst SD-WAN ManagerGoogle ChromeArista Extensible Operating System (EOS)
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
CVE Tools coverage
CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after reports of in-the-wild exploitation, affecting Cisco Catalyst SD-WAN Manager, Google Chrome V8, and Arista Extensible Operating System (EOS). The listed issues are CVE-2026-20245 (Cisco; authenticated local command execution as root), CVE-2026-11645 (Chrome V8; sandbox escape via crafted HTML for remote code execution), and CVE-2026-7473 (Arista EOS; improper handling of tunnel traffic that can process unexpected tunneled packets). It matters because the KEV listing signals active attacker use, and federal civilian agencies have been directed to remediate or mitigate by June 23, 2026.