Source: CISA Advisories

• CISA Adds One Known Exploited Vulnerability to Catalog
  CISA Advisories · cybersec · 2026-03-26 12:00 UTC · 1 min read

  CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-33634 Aqua Security Trivy Embedded Malicious Code Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of k…

• OpenCode Systems OC Messaging and Custom Messaging Gateway
  CISA Advisories · cybersec · 2026-03-26 12:00 UTC · 3 min read

  View CSAF Summary Successful exploitation of this vulnerability could allow an authenticated low-privileged user to gain access to SMS messages outside of their authorized tenant scope via a crafted company or tenant identifier parameter. The following versions of OC Messaging and Custom Messaging Gateway are affected: OC Messaging 6.32.2 (CVE-2025-70614) Custom Messaging Gateway 6.32.2 (CVE-2025-70614) CVSS Vendor Equipment Vulnerabilities v3 8.1 OpenCode Systems OC Messaging and Custom Messagi…

• CISA Adds One Known Exploited Vulnerability to Catalog
  CISA Advisories · cybersec · 2026-03-25 12:00 UTC · 1 min read

  <p>CISA has added one new vulnerability to its <a href&#61;"https:&#47;&#47;www.cisa.gov&#47;known-exploited-vulnerabilities-catalog" data-entity-type&#61;"node" data-entity-uuid&#61;"79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution&#61;"canonical" title&#61;"Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catal…

• CISA Adds One Known Exploited Vulnerability to Catalog
  CISA Advisories · cybersec · 2026-03-25 12:00 UTC · 1 min read

  CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-33017 Langflow Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerab…

• Schneider Electric EcoStruxure Foxboro DCS
  CISA Advisories · cybersec · 2026-03-24 12:00 UTC · 6 min read

  <p><a href&#61;"https:&#47;&#47;github.com&#47;cisagov&#47;CSAF&#47;blob&#47;develop&#47;csaf_files&#47;OT&#47;white&#47;2026&#47;icsa-26-083-02.json"><strong>View CSAF<&#47;strong><&#47;a><&#47;p>&#10;<h2>Summary<&#47;h2>&#10;<p><strong>Schneider Electric is aware of a vulnerability in its EcoStruxure Foxboro DCS Control Software on Foxboro DCS workst…

• Schneider Electric Plant iT&#47;Brewmaxx
  CISA Advisories · cybersec · 2026-03-24 12:00 UTC · 4 min read

  <p><a href&#61;"https:&#47;&#47;github.com&#47;cisagov&#47;CSAF&#47;blob&#47;develop&#47;csaf_files&#47;OT&#47;white&#47;2026&#47;icsa-26-083-03.json"><strong>View CSAF<&#47;strong><&#47;a><&#47;p>&#10;<h2>Summary<&#47;h2>&#10;<p><strong>Successful exploitation of these vulnerabilities could risk privilege escalation, which could result in remote code executio…

• Pharos Controls Mosaic Show Controller
  CISA Advisories · cybersec · 2026-03-24 12:00 UTC · 3 min read

  <p><a href&#61;"https:&#47;&#47;github.com&#47;cisagov&#47;CSAF&#47;blob&#47;develop&#47;csaf_files&#47;OT&#47;white&#47;2026&#47;icsa-26-083-01.json"><strong>View CSAF<&#47;strong><&#47;a><&#47;p>&#10;<h2>Summary<&#47;h2>&#10;<p><strong>Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with roo…

• Schneider Electric EcoStruxure Foxboro DCS
  CISA Advisories · cybersec · 2026-03-24 12:00 UTC · 6 min read

  View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure Foxboro DCS Control Software on Foxboro DCS workstations and servers. Control Core Services and all runtime software, like FCPs, FDCs, and FBMs, are not affected. The EcoStruxure Foxboro DCS ([https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/](https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/)) product is an innovative family of fault-tolerant, highly available control comp…

• Schneider Electric Plant iT/Brewmaxx
  CISA Advisories · cybersec · 2026-03-24 12:00 UTC · 4 min read

  View CSAF Summary Successful exploitation of these vulnerabilities could risk privilege escalation, which could result in remote code execution. The following versions of Schneider Electric Plant iT/Brewmaxx are affected: Plant iT/Brewmaxx 9.60_and_above (CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819) CVSS Vendor Equipment Vulnerabilities v3 9.9 Schneider Electric Schneider Electric Plant iT/Brewmaxx Use After Free, Integer Overflow or Wraparound, Improper Control of Generation …

• Pharos Controls Mosaic Show Controller
  CISA Advisories · cybersec · 2026-03-24 12:00 UTC · 3 min read

  View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privileges. The following versions of Pharos Controls Mosaic Show Controller are affected: Mosaic Show Controller Firmware 2.15.3 (CVE-2026-2417) CVSS Vendor Equipment Vulnerabilities v3 9.8 Pharos Controls Pharos Controls Mosaic Show Controller Missing Authentication for Critical Function Background Critical Infrastructure Sectors: Commercial Facilities…