CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 22, 2026

CISA’s new KEV nomination form opens reporting to vendors and researchers

Help Net Security Archived May 22, 2026 ✓ Full text saved

The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion in its KEV catalog. The form gives outside contributors a direct way to submit vulnerabilities to CISA. Email submissions remain available at vulnerability@cisa.dhs.gov for organizations and individuals who prefer that route. “Every day, CISA collaborates with security researchers and industry partn

Full text archived locally
✦ AI Summary · Claude Sonnet


    Anamarija Pogorelec, Managing Editor, Help Net Security May 22, 2026 Share CISA’s new KEV nomination form opens reporting to vendors and researchers The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion in its KEV catalog. The form gives outside contributors a direct way to submit vulnerabilities to CISA. Email submissions remain available at vulnerability@cisa.dhs.gov for organizations and individuals who prefer that route. “Every day, CISA collaborates with security researchers and industry partners that identify and report exploited vulnerabilities. This new reporting capability enhances CISA’s ability to identify, validate, and quickly share critical threat information,” Chris Butera, CISA’s Acting Executive Assistant Director for Cybersecurity said. “Early detection and coordinated vulnerability disclosure are among the most powerful tools we have to reduce risk at scale. CISA strongly encourages researchers and organizations to share vulnerability threats and help us secure the systems Americans rely on every day.” Context for the change CISA started the KEV catalog in November 2021 and has grown it steadily. The agency has drawn criticism for being slow to add actively exploited bugs. Opening up outside reporting should help the agency add actively exploited bugs faster and keep the list current. Submissions still have to meet the existing bar: an assigned CVE, confirmed exploitation, and remediation guidance. Download: 2026 SANS Identity Threats & Defenses Survey More about CISA government USA Share
    💬 Team Notes
    Article Info
    Source
    Help Net Security
    Category
    ◇ Industry News & Leadership
    Published
    May 22, 2026
    Archived
    May 22, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗