• Category: Security
  • Status: confirmed
  • Sources: CISA KEV catalog, CISA alert June 9
  • Summary: CISA added five vulnerabilities to KEV across two days. On 2026-06-08: CVE-2026-42271 (LiteLLM command injection, covered above) and CVE-2026-50751 (Check Point VPN auth bypass, covered above). On 2026-06-09: CVE-2026-7473 (Arista EOS incomplete comparison), CVE-2026-11645 (Google Chromium V8 out-of-bounds read/write, patched in Chrome 149.0.7827.102/103 on 2026-06-08), and CVE-2026-20245 (Cisco Catalyst SD-WAN Manager command injection, no patch available at time of addition).
  • Why it matters: Federal agencies must remediate all five within three days; enterprise security teams should prioritize immediately. Note that CVE-2026-20245 has no patch; Cisco confirmed exploitation and states a fix will ship in a future release.

Send feedback on this story