CISA Updates Known Exploited Vulnerabilities Catalog with New Nomination Form

The Cybersecurity and Infrastructure Security Agency (CISA) has improved its Known Exploited Vulnerabilities Catalog by introducing a new nomination form. This enhancement aims to streamline the process for stakeholders to submit vulnerabilities that are actively being exploited, helping to keep the catalog up to date with relevant entries.
What happened
CISA announced an enhancement to its Known Exploited Vulnerabilities Catalog by adding a new nomination form. This form provides a standardized mechanism for reporting vulnerabilities that have been observed under active exploitation in the wild. The update supports CISA’s ongoing efforts to maintain a comprehensive and current list of vulnerabilities that pose significant cybersecurity risks when exploited.
Why it matters
Maintaining an accurate and timely catalog of vulnerabilities known to be actively exploited is critical for the cybersecurity community. It helps organizations prioritize patching and remediation efforts by focusing on threats that have demonstrated real-world impact. By improving the process for nominating vulnerabilities, CISA facilitates more efficient information sharing among cybersecurity stakeholders, enhancing overall defensive measures.
What security teams should do
Security teams should review the Known Exploited Vulnerabilities Catalog regularly to ensure timely identification of vulnerabilities that require immediate attention. Organizations can also contribute to the catalog by submitting reports of actively exploited vulnerabilities through the new nomination form, thereby supporting the collective effort to improve cybersecurity defenses. Monitoring updates from CISA will help teams adjust the prioritization of their patching and mitigation activities accordingly.
Key technical details
The new nomination form introduced by CISA is designed to standardize the submission process for vulnerabilities that have been observed under active exploitation. While the catalog already includes vetted entries with known exploitation activity, the form aims to broaden participation from the community in reporting such cases. CISA evaluates all nominations to verify the exploitation status before inclusion in the catalog.
Affected organizations/products
The update impacts all organizations and security professionals who rely on CISA’s Known Exploited Vulnerabilities Catalog for vulnerability prioritization and risk management. It is relevant to those monitoring vulnerabilities affecting a wide range of software and hardware products with known exploitation activity.