The US Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities in Cisco IOS XE to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to patch within 48 hours. The vulnerabilities, affecting Cisco's enterprise networking software, are being actively exploited in the wild.
Federal agencies have been given until April 26, 2026 to remediate the vulnerabilities or provide justification for not doing so. Private sector organizations are strongly encouraged to prioritize patching.