CISA adds LiteLLM and Check Point flaws to KEV
For federal networks, KEV placement turns active exploitation into a remediation clock, even when version scope still needs vendor confirmation.
TL;DR
CISA added CVE-2026-42271, a BerriAI LiteLLM command injection flaw, and CVE-2026-50751, a Check Point Security Gateway improper authentication flaw, to the Known Exploited Vulnerabilities Catalog based on active exploitation. Federal Civilian Executive Branch agencies must remediate KEV-listed vulnerabilities under Binding Operational Directive 22-01; contractors supporting federal systems should treat the entries as contract-driven patch priorities.
CISA added two actively exploited vulnerabilities to the Known Exploited Vulnerabilities Catalog: CVE-2026-42271 in BerriAI LiteLLM and CVE-2026-50751 in Check Point Security Gateway. Under Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed vulnerabilities by CISA’s due dates. For federal contractors, primes and managed service providers supporting government environments, the practical task is narrower and immediate: check exposure, pull the vendor remediation guidance, confirm the applicable due date in the KEV entry and document the fix path for any federal system or contract-covered environment.
Published · Deep Fathom