By Eric Geller
Publication Date: 2026-04-21 10:33:00
This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter.
The Cybersecurity and Infrastructure Security Agency on Monday said hackers were exploiting three more of the vulnerabilities in Cisco’s networking appliances that the company disclosed in late February.
CISA added the three vulnerabilities — CVE-2026-20122, CVE-2026-20128 and CVE-2026-20133 — to its Known Exploited Vulnerabilities catalog, indicating that the agency has seen these flaws being used in ongoing malicious activity.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said in a statement about the addition of the three Cisco flaws and four others to the KEV.
After Cisco announced the vulnerabilities, along with several others, on Feb. 25, CISA issued an emergency directive ordering federal agencies to patch the flaws,…
