The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. Among these, CVE-2026-21643, a high-severity SQL injection flaw in Fortinet's FortiClient EMS, received a CVSS score of 9.1, highlighting its potential impact. Other vulnerabilities affect widely used Microsoft and Adobe products, underscoring the urgency for organizations to address these security risks to prevent unauthorized access and data breaches.
For businesses, the identification of these vulnerabilities serves as a clarion call to assess and strengthen their cybersecurity posture. Organizations utilizing Fortinet, Microsoft, or Adobe software must prioritize patch management and vulnerability remediation to shield against potential exploits. This not only mitigates immediate threats but also reinforces long-term cybersecurity strategies. Given the increasing prevalence of cyberattacks targeting known vulnerabilities, proactive measures are essential for safeguarding sensitive information and maintaining operational integrity in an increasingly digital landscape.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/04/cisa-adds-6-known-exploited-flaws-in.html)*