CISA has launched a new public form and email pathway for researchers, vendors, and industry partners to submit vulnerabilities for possible inclusion in its Known Exploited Vulnerabilities (KEV) catalog. The change affects no single CVE or product; instead it creates a formal process for reporting suspected exploited-in-the-wild flaws to CISA, with submitters asked to provide vulnerability details and evidence of active exploitation so the agency can validate and potentially add them to KEV.
Why it matters: The KEV catalog is one of the main lists defenders use to decide what to patch first, so a faster path for outside researchers to report exploitation could speed warnings and remediation across government and private networks. Security teams should expect KEV to remain a key prioritization source and monitor for any changes in how quickly new exploited bugs are added.
SecurityWeek News
2026.05.22
88% relevant
The article notes CISA's new KEV nomination form as one of the week's items, which is the same policy/process update about opening a public channel for Known Exploited Vulnerabilities submissions.
2026.05.22
100% relevant
This article establishes a distinct story about CISA changing the KEV intake process itself, rather than adding any specific vulnerability already tracked.
← Back to all stories