CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs May 21, 2026

CISA Enhances Known Exploited Vulnerabilities Catalog to Include New Nomination Form

CISA Archived May 21, 2026 ✓ Full text saved
Full text archived locally
✦ AI Summary · Claude Sonnet


    PRESS RELEASE CISA Enhances Known Exploited Vulnerabilities Catalog to Include New Nomination Form New form bolsters quality of submissions and reinforces community-driven approach to drive down our collective cybersecurity risk ReleasedMay 21, 2026 RELATED TOPICS: CYBER THREATS AND RESPONSE, CYBERSECURITY BEST PRACTICES WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) announces the availability of a new Nomination Form today that enables researchers, vendors, and industry partners to report known exploited vulnerabilities (KEV). This new reporting capability enhances CISA’s ability to quickly identify, validate, and share KEVs, critical threat information. CISA’s KEV Nomination Form aligns with our Vulnerability Disclosure Policy (VDP) Platform and Coordinated Vulnerability Disclosure (CVD) Program, which together encourages good faith security research and promotes transparent, coordinated remediation of cyber risks. Public reporting to CISA is essential to the nation’s cybersecurity posture, helping ensure that exploited vulnerabilities are discovered early, communicated responsibly, and mitigated quickly across federal, private, and critical infrastructure networks. “Every day, CISA collaborates with security researchers and industry partners that identify and report exploited vulnerabilities. This new reporting capability enhances CISA’s ability to identify, validate, and quickly share critical threat information,” said Chris Butera, CISA’s Acting Executive Assistant Director for Cybersecurity. “Early detection and coordinated vulnerability disclosure are among the most powerful tools we have to reduce risk at scale. CISA strongly encourages researchers and organizations to share vulnerability threats and help us secure the systems Americans rely on every day.” The KEV catalog is an authoritative source of vulnerabilities that have been confirmed as actively exploited with clear remediation guidance. In addition to this new online form, organizations or individuals will still be able to nominate a KEV via email at vulnerability@cisa.dhs.gov. Organizations and researchers can access the KEV catalog and submit information through: CISA.gov/known-exploited-vulnerabilities-catalog. ### About CISA As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to manage, uncover, and reduce risk to our digital and physical infrastructure Americans rely on every hour of every day.  Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram Related Articles APR 23, 2026 PRESS RELEASE CISA, National Cyber Security Centre (NCSC) UK, and Global Partners Issue Advisory on Chinese Government-Linked Covert Cyber Networks FEB 11, 2026 PRESS RELEASE CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure DEC 09, 2025 PRESS RELEASE CISA, FBI, and U.S. and Global Partners Urge Immediate Action to Defend Critical Infrastructure from Pro-Russia Hacktivist Threats NOV 12, 2025 PRESS RELEASE CISA Identifies Ongoing Cyber Threats to Cisco ASA and Firepower Devices
    💬 Team Notes
    Article Info
    Source
    CISA
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    May 21, 2026
    Archived
    May 21, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗