CISA Enhances Known Exploited Vulnerabilities Catalog to Include New Nomination Form
CISAArchived May 21, 2026✓ Full text saved
Full text archived locally
✦ AI Summary· Claude Sonnet
PRESS RELEASE
CISA Enhances Known Exploited Vulnerabilities Catalog to Include New Nomination Form
New form bolsters quality of submissions and reinforces community-driven approach to drive down our collective cybersecurity risk
ReleasedMay 21, 2026
RELATED TOPICS: CYBER THREATS AND RESPONSE, CYBERSECURITY BEST PRACTICES
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) announces the availability of a new Nomination Form today that enables researchers, vendors, and industry partners to report known exploited vulnerabilities (KEV). This new reporting capability enhances CISA’s ability to quickly identify, validate, and share KEVs, critical threat information.
CISA’s KEV Nomination Form aligns with our Vulnerability Disclosure Policy (VDP) Platform and Coordinated Vulnerability Disclosure (CVD) Program, which together encourages good faith security research and promotes transparent, coordinated remediation of cyber risks. Public reporting to CISA is essential to the nation’s cybersecurity posture, helping ensure that exploited vulnerabilities are discovered early, communicated responsibly, and mitigated quickly across federal, private, and critical infrastructure networks.
“Every day, CISA collaborates with security researchers and industry partners that identify and report exploited vulnerabilities. This new reporting capability enhances CISA’s ability to identify, validate, and quickly share critical threat information,” said Chris Butera, CISA’s Acting Executive Assistant Director for Cybersecurity. “Early detection and coordinated vulnerability disclosure are among the most powerful tools we have to reduce risk at scale. CISA strongly encourages researchers and organizations to share vulnerability threats and help us secure the systems Americans rely on every day.”
The KEV catalog is an authoritative source of vulnerabilities that have been confirmed as actively exploited with clear remediation guidance. In addition to this new online form, organizations or individuals will still be able to nominate a KEV via email at vulnerability@cisa.dhs.gov.
Organizations and researchers can access the KEV catalog and submit information through: CISA.gov/known-exploited-vulnerabilities-catalog.
###
About CISA
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to manage, uncover, and reduce risk to our digital and physical infrastructure Americans rely on every hour of every day.
Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram
Related Articles
APR 23, 2026
PRESS RELEASE
CISA, National Cyber Security Centre (NCSC) UK, and Global Partners Issue Advisory on Chinese Government-Linked Covert Cyber Networks
FEB 11, 2026
PRESS RELEASE
CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure
DEC 09, 2025
PRESS RELEASE
CISA, FBI, and U.S. and Global Partners Urge Immediate Action to Defend Critical Infrastructure from Pro-Russia Hacktivist Threats
NOV 12, 2025
PRESS RELEASE
CISA Identifies Ongoing Cyber Threats to Cisco ASA and Firepower Devices