Security
CISA KEV additions 2026-06-08 and 2026-06-09
- Category: Security
- Status: confirmed
- Sources: CISA KEV catalog, CISA alert June 9
- Summary: CISA added five vulnerabilities to KEV across two days. On 2026-06-08: CVE-2026-42271 (LiteLLM command injection, covered above) and CVE-2026-50751 (Check Point VPN auth bypass, covered above). On 2026-06-09: CVE-2026-7473 (Arista EOS incomplete comparison), CVE-2026-11645 (Google Chromium V8 out-of-bounds read/write, patched in Chrome 149.0.7827.102/103 on 2026-06-08), and CVE-2026-20245 (Cisco Catalyst SD-WAN Manager command injection, no patch available at time of addition).
- Why it matters: Federal agencies must remediate all five within three days; enterprise security teams should prioritize immediately. Note that CVE-2026-20245 has no patch; Cisco confirmed exploitation and states a fix will ship in a future release.