CISA adds exploited KNX and Oracle E-Business Suite flaws to KEV catalog

CISA adds exploited KNX and Oracle E-Business Suite flaws to KEV catalog

CISA added exploited KNX Protocol and Oracle E-Business Suite flaws to its KEV catalog, signaling urgent remediation priority.

Format News Brief
Read Time 2 min
Category Cyber Security
Updated Jul 16, 2026

CISA has added two more actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, putting federal agencies and private defenders on notice that the bugs are no longer theoretical patch-management items.

The July 15 alert names CVE-2023-4346, a KNX Association KNX Protocol connection authorization issue, and CVE-2026-46817, an Oracle E-Business Suite improper privilege management vulnerability. CISA says both entries were added based on evidence of active exploitation, the key threshold for inclusion in the KEV catalog.

Why the additions matter

The KEV catalog is not a complete list of severe vulnerabilities. It is a narrower operational list for flaws that CISA believes attackers are already using in the wild and that have clear mitigation guidance. That makes the catalog useful for teams trying to prioritize scarce remediation time across large inventories, especially when internet-facing systems and business applications compete with routine monthly patch cycles.

The two additions also span different parts of the technology estate. KNX is a building and automation protocol used in environments such as lighting, HVAC, and facility control systems, where authorization weaknesses can matter beyond conventional IT. Oracle E-Business Suite, meanwhile, is a major enterprise application platform that often holds sensitive business, financial, and identity-linked workflow data.

  • CVE-2023-4346: CISA identifies the issue as an overly restrictive account lockout mechanism vulnerability in the KNX Protocol connection authorization option 1.
  • CVE-2026-46817: CISA identifies the Oracle E-Business Suite issue as improper privilege management.

Under Binding Operational Directive 26-04, Federal Civilian Executive Branch agencies must use the KEV catalog in risk-based vulnerability management and prioritize remediation of high-risk exposed assets. CISA notes that the directive applies to federal civilian agencies, but it continues to encourage all organizations to use KEV entries as a signal for urgent review.

For defenders, the practical next step is to check whether affected KNX or Oracle E-Business Suite deployments are present, confirm vendor mitigation status, and look for signs of compromise before treating patching as complete. CISA specifically says agencies should account for the possibility that threat actors compromised systems before fixes were applied.

Sources

Cover photo by panumas nikhomkhai on Pexels, used under the Pexels License.

Comments (0)

Leave a Comment

Loading comments...