Fact-check: The article's claims are consistent with CISA's established practices for managing known exploited vulnerabilities, as verified through official CISA sources and directives like Binding Operational Directive 22-01. The information aligns with the Critical Infrastructure situation context, and there are no apparent contradictions in verified reporting. As the source is directly from CISA Alerts, it is well-sourced and reliable.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added a new actively exploited vulnerability to its Known Exploited Vulnerabilities Catalog: CVE-2026-20045, a code injection flaw affecting Cisco Unified Communications Products. Federal Civilian Executive Branch agencies are required to remediate the vulnerability by a specified due date under Binding Operational Directive 22-01. CISA urges all organizations to prioritize timely remediation as part of their vulnerability management practices.