• Category: Security
  • Status: confirmed
  • Sources: CISA KEV alert
  • Summary: CISA added three CVEs to the Known Exploited Vulnerabilities catalog on 2026-06-09: CVE-2026-7473 (Arista EOS incomplete comparison vulnerability), CVE-2026-11645 (Google Chromium V8 out-of-bounds read/write), and CVE-2026-20245 (Cisco SD-WAN command injection). Federal agencies have binding deadlines for remediation; enterprise teams should treat KEV additions as priority-one patch items.
  • Why it matters: Chrome V8 out-of-bounds RW is actively exploited in the browser context; organizations running Chrome on developer workstations should ensure the June update is applied.

Send feedback on this story