CISA Releases New Known Exploited Vulnerability Nomination Form
Cybersecurity and Infrastructure Security Agency sent this bulletin at 05/21/2026 10:59 AM EDT
You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information has recently been updated and is now available.
CISA has released a new Known Exploited Vulnerability (KEV) Nomination Form to make it even easier for organizations to report on vulnerabilities that meet the criteria for potential inclusion in the KEV Catalog. CISA maintains the catalog, an authoritative source of vulnerabilities that have been exploited in the wild, in support of network defenders and the cybersecurity community.
The new form is a secure, web-based tool that will improve CISA’s ability to intake and analyze reported vulnerabilities and ensure we continue to help organizations effectively keep pace with threat activity. Vulnerabilities submitted for potential addition to the catalog must have a Common Vulnerabilities and Exposures (CVE) ID, evidence of exploitation, and clear mitigation guidance.
Learn more about the criteria for KEV catalog submissions and CISA’s efforts to reduce KEV-related risk.
Please share your thoughts with us through this anonymous survey. We appreciate your feedback.
This product is provided subject to this Notification and this Privacy & Use policy.