CISA’s new KEV nomination form opens reporting to vendors and researchers

CISA has launched a public nomination form to let researchers, vendors, and industry partners report known exploited vulnerabilities for potential inclusion in its Known Exploited Vulnerabilities (KEV) catalog. The change aims to accelerate additions to KEV amid criticism about slow updates; submissions still must meet existing requirements (assigned CVE, confirmed exploitation, and remediation guidance), and email submissions remain available.