Fact-check: The article is from CISA, a verified government agency, and aligns with their established practices for managing known exploited vulnerabilities, including updates to their catalog and directives like BOD 22-01, with no evident contradictions in verified reporting.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added a Microsoft Windows Information Disclosure vulnerability (CVE-2026-20805) to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. Federal Civilian Executive Branch agencies are required to remediate the vulnerability by a specified due date under Binding Operational Directive 22-01. CISA urges all organizations to prioritize timely remediation as part of their vulnerability management practices.