Actively Exploited Vulnerabilities Added to CISA KEV Catalog

CISA added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities list: CVE-2022-0492, a Linux kernel cgroup_release_agent_write authentication flaw that can allow local privilege escalation and container namespace isolation bypass, and CVE-2025-48595, a high-severity Android Framework integer overflow enabling privilege escalation on Android 14+ (Google released June 2026 patches). Federal Civilian Executive Branch agencies are required to fully remediate these flaws by June 5, 2026.