The U.S. cybersecurity authorities have added three newly exploited security flaws affecting Cisco, Google Chrome, and Arista Networks products to its official list of actively exploited vulnerabilities, signaling heightened risk for organizations and government systems.
The move by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlights ongoing real-world attacks targeting enterprise networking equipment and widely used web browsers.
Three vulnerabilities confirmed under active exploitation
The newly added issues to the Known Exploited Vulnerabilities (KEV) catalog include flaws impacting networking infrastructure and browser security:
- CVE-2026-20245 – Cisco Catalyst SD-WAN Manager
- CVE-2026-11645 – Google Chrome V8 engine
- CVE-2026-7473 – Arista Extensible Operating System (EOS)
These vulnerabilities range in severity but all have been confirmed as exploited in the wild, prompting immediate attention from federal agencies and private-sector defenders.
Cisco SD-WAN flaw enables command execution
Networking giant Cisco is affected by a vulnerability in its Catalyst SD-WAN Manager that could allow a local authenticated attacker to execute arbitrary commands with root privileges.
The flaw involves improper handling of specially crafted files that can be used to manipulate system execution paths, potentially giving attackers full control over affected network management systems.
Chrome V8 vulnerability allows remote code execution
A separate high-severity issue affects Google Chrome, specifically its V8 JavaScript engine.
Security researchers warn that the flaw could allow a remote attacker to achieve code execution inside the browser sandbox by tricking users into visiting a specially crafted webpage. While sandboxing limits system-level access, successful exploitation can still lead to serious compromise of user data and sessions.
Arista EOS flaw impacts network traffic handling
The third vulnerability affects networking vendor Arista Networks and its Extensible Operating System (EOS), used in high-performance data center and enterprise switches.
The flaw involves incorrect handling of tunneled traffic, which may allow attackers to inject or misroute unexpected network packets under specific configurations involving VXLAN or GRE tunneling.
Arista confirmed that the issue has been observed in active exploitation but stated that no direct software patch is planned. Instead, the company recommends configuration-based mitigations such as applying access control lists (ACLs) to filter traffic.
No patch for Arista flaw raises concern
Unlike traditional vulnerability responses, Arista’s decision not to release a patch for CVE-2026-7473 has raised concerns among security professionals.
The company warned that fixing the flaw through software updates could disrupt existing network configurations, especially in complex enterprise environments.
Instead, administrators are being urged to implement strict traffic filtering rules to limit exposure.
Federal deadline for mitigation
U.S. Federal Civilian Executive Branch (FCEB) agencies have been instructed to remediate or mitigate all three vulnerabilities by June 23, 2026, underscoring the urgency of the threat.
Security officials emphasize that the KEV listing means exploitation is not theoretical but actively occurring, requiring immediate defensive action.
Growing wave of actively exploited flaws
Cybersecurity analysts say the inclusion of these vulnerabilities in the KEV catalog reflects a broader trend: attackers are increasingly targeting foundational infrastructure such as browsers, network management systems, and switching platforms.
These systems often sit at critical points in enterprise environments, making them high-value targets for espionage, disruption, or data theft.
