Actively Exploited Vulnerabilities Added to CISA KEV Catalog

The Cybersecurity and Infrastructure Security Agency recently expanded its primary tracking catalog. Specifically, the organization added two new actively exploited vulnerabilities to the Known Exploited Vulnerabilities list. These security bugs represent frequent attack vectors for malicious cyber actors. Consequently, attackers actively abuse these flaws to bypass system protections and access private enterprise data. Defenders must address these issues immediately to safeguard local cloud and mobile infrastructures.

Linux Namespace Isolation Bypass Flaw

The first security flaw involves an improper authentication vulnerability within the Linux Kernel. Tracked as CVE-2022-0492, this bug holds a CVSS severity score of 7.8. Specifically, the programming error resides inside the core cgroup_release_agent_write function in the subsystem code. Furthermore, this weakness allows attackers to misuse the cgroups v1 release agent feature. Adversaries can leverage this configuration blind spot under certain operational circumstances. As a result, a local attacker can elevate their privileges unexpectedly. Additionally, the exploit allows hackers to bypass standard container namespace isolation boundaries completely.

High-Severity Android Framework Exploit

The second security weakness impacts global mobile operating systems. Specifically, local attackers are currently weaponizing an Android privilege escalation flaw cataloged as CVE-2025-48595. This high-severity integer overflow bug targets the core Android Framework component. Moreover, the defect allows unauthorized entities to execute arbitrary code with elevated rights.

The threat primarily endangers modern mobile endpoints running Android 14 or later. Fortunately, Google addressed this flaw by releasing the June 2026 Android security patches. This comprehensive monthly update successfully mitigates 124 separate vulnerabilities across the mobile ecosystem.

Mandatory Federal Remediation Deadlines

Malicious cyber actors frequently utilize these types of security defects as primary entry points. Therefore, enterprise networks face severe operational disruption if systems remain unpatched. In light of these critical developments, Federal Civilian Executive Branch agencies must act swiftly. Consequently, the government requires full remediation of the identified flaws by June 5, 2026. Ultimately, enforcing strict patching timelines remains the best method to neutralize actively exploited vulnerabilities.