⚠

These CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. They are confirmed to be actively exploited in the wild. Immediate remediation is strongly recommended.

Known Exploited VulnerabilitiesACTIVE THREATS

Vulnerabilities confirmed by CISA to be actively exploited. These should be prioritized for immediate patching and remediation in your environment.

3KEV Listed

3Critical

0High

⚠ KEV Catalog Entries (3)

CVE ID	Title	Severity	CVSS	KEV Date	Fix
CVE-2026-20127	Cisco IOS XE Web UI Authentication Bypass	critical	9.8	Mar 15, 2026	YES
CVE-2026-25108	Unauthenticated Remote Code Execution in Acme Cloud Platform	critical	9.8	Mar 15, 2026	YES
CVE-2025-49113	Remote Code Execution in Apache Struts Framework via OGNL Expression Injection	critical	9.8	Mar 15, 2025	YES

CVE-2026-20127

9.8critical

Known Exploited VulnerabilitiesACTIVE THREATS

Cisco IOS XE Web UI Authentication Bypass

Unauthenticated Remote Code Execution in Acme Cloud Platform

Remote Code Execution in Apache Struts Framework via OGNL Expression Injection