Vol. 1 · Ed. 2026
CyberGlossary
Entry № 666

Known Exploited Vulnerability (KEV)

Reviewed by Cybersecurity entrepreneur & security researcher

What is Known Exploited Vulnerability (KEV)?

Known Exploited Vulnerability (KEV): A CVE that the U.S. CISA confirms is being actively exploited and adds to its public KEV Catalog, triggering remediation deadlines for U.S. federal agencies.


The CISA Known Exploited Vulnerabilities Catalog lists CVEs with reliable evidence of in-the-wild exploitation against real targets. Under Binding Operational Directive 22-01, U.S. federal civilian agencies must remediate listed entries by a published due date, typically two weeks for newly added items. While the catalog is U.S.-government driven, private organizations worldwide treat it as a high-signal prioritization feed — KEV inclusion is one of the strongest indicators that a vulnerability deserves emergency patching. KEV is commonly combined with CVSS severity and EPSS probability inside risk-based vulnerability management programmes.
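The following added example (not part of the original entry) shows one way to combine KEV membership with CVSS and EPSS when ranking scanner findings. The feed excerpt uses the field names of CISA's KEV JSON feed, but every CVE ID, date, score and asset name is constructed, and the ordering policy (KEV first by due date, then EPSS, then CVSS) is an assumption of this sketch.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (not real catalog data).
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2099-0001", "dateAdded": "2099-01-02", "dueDate": "2099-01-16",
   "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-2099-0002", "dateAdded": "2099-03-01", "dueDate": "2099-03-15",
   "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed scanner findings: (asset, CVE, CVSS base score, EPSS probability).
FINDINGS = [
    ("web-01", "CVE-2099-0003", 9.8, 0.02),
    ("db-02",  "CVE-2099-0002", 7.5, 0.40),
    ("app-03", "CVE-2099-0001", 8.1, 0.95),
    ("app-04", "CVE-2099-0004", 5.3, 0.70),
]

def prioritize(findings, kev_feed, today):
    """Rank findings: KEV entries first (earliest due date first), then the
    rest by EPSS, then CVSS. The ordering policy is an assumption of this example."""
    kev = {v["cveID"]: v for v in kev_feed["vulnerabilities"]}
    ranked = []
    for asset, cve, cvss, epss in findings:
        entry = kev.get(cve)
        due = date.fromisoformat(entry["dueDate"]) if entry else None
        ranked.append({
            "asset": asset, "cve": cve, "cvss": cvss, "epss": epss,
            "in_kev": entry is not None,
            "due": due,
            "overdue": bool(due and today > due),  # past the published due date
            "ransomware": bool(entry and entry["knownRansomwareCampaignUse"] == "Known"),
        })
    # Non-KEV findings sort after all KEV findings; date.max stands in for "no deadline".
    ranked.sort(key=lambda r: (not r["in_kev"], r["due"] or date.max, -r["epss"], -r["cvss"]))
    return ranked

if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_FEED, today=date(2099, 3, 10)):
        tag = "KEV" + (" OVERDUE" if r["overdue"] else "") if r["in_kev"] else "-"
        print(f'{r["cve"]:15} {r["asset"]:7} cvss={r["cvss"]} epss={r["epss"]:.2f} {tag}')
```

In this sample the CVSS 9.8 finding ranks last because it is neither in the KEV feed nor likely to be exploited according to EPSS.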

Examples

  1. CVE-2021-44228 (Log4Shell) added to KEV shortly after disclosure.

  2. CVE-2017-0144 (EternalBlue) — listed for years due to ongoing ransomware abuse.

Frequently asked questions

What is Known Exploited Vulnerability (KEV)?

A CVE that the U.S. CISA confirms is being actively exploited and adds to its public KEV Catalog, triggering remediation deadlines for U.S. federal agencies. It belongs to the Vulnerabilities category of cybersecurity.

What does Known Exploited Vulnerability (KEV) mean?

A CVE that the U.S. CISA confirms is being actively exploited and adds to its public KEV Catalog, triggering remediation deadlines for U.S. federal agencies.

How do you defend against Known Exploited Vulnerability (KEV)?

Defences for Known Exploited Vulnerability (KEV) typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Known Exploited Vulnerability (KEV)?

Common alternative names include: CISA KEV, KEV Catalog entry.
