Security
CISA KEV adds Arista EOS, Chrome V8, and Cisco SD-WAN on 2026-06-09
- Category: Security
- Status: confirmed
- Sources: CISA KEV alert
- Summary: CISA added three CVEs to the Known Exploited Vulnerabilities catalog on 2026-06-09: CVE-2026-7473 (Arista EOS incomplete comparison vulnerability), CVE-2026-11645 (Google Chromium V8 out-of-bounds read/write), and CVE-2026-20245 (Cisco SD-WAN command injection). Federal agencies have binding deadlines for remediation; enterprise teams should treat KEV additions as priority-one patch items.
- Why it matters: Chrome V8 out-of-bounds RW is actively exploited in the browser context; organizations running Chrome on developer workstations should ensure the June update is applied.