Security
CISA adds a 2008 Cisco IOS CSRF flaw to the KEV catalog
- Category: Security
- Status: confirmed
- Sources: CISA KEV
- Summary: CISA updated the Known Exploited Vulnerabilities catalog to version 2026.07.13 (count 1638), adding CVE-2008-4128, a cross-site request forgery in Cisco IOS first published in 2008, with a federal remediation due date of 2026-07-16. No other additions landed 2026-07-11 through 2026-07-14.
- Why it matters: A retroactive KEV addition for an 18-year-old flaw points to renewed exploitation of long-lived unpatched network gear.