Print - 【Vulnerability Alert】CISA Added 3 Known Exploited Vulnerabilities to the KEV Catalog (2026/04/14-2026/04/19)

【Vulnerability Alert】CISA Added 3 Known Exploited Vulnerabilities to the KEV Catalog (2026/04/14-2026/04/19)

publish date : 2026-04-24 update date : 2026-04-30

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2026042310040404	Publication Time	2026/04/23 10:11
Incident Type	ANA-Vulnerability Alert	Discovery Time	2026/04/23 10:11
Impact Level	Low
[Subject] 【Vulnerability Alert】CISA Added 3 Known Exploited Vulnerabilities to the KEV Catalog (2026/04/14-2026/04/19)
[Content] Forwarded from TWCERTCC-200-202604-00000022 【CVE-2009-0238】Microsoft Office Remote Code Execution (CVSS v3.1: 8.8) 【Ransomware Exploitation Status: Unknown】 Microsoft Office Excel contains a remote code execution vulnerability. If a user opens a specially crafted Excel file containing a malformed object, an attacker may use this vulnerability to fully compromise the affected system. 【CVE-2026-32201】Microsoft SharePoint Server Improper Input Validation Vulnerability (CVSS v3.1: 6.5) 【Ransomware Exploitation Status: Unknown】 Microsoft SharePoint Server contains an improper input validation vulnerability, which may allow an unauthorized attacker to conduct spoofing attacks over a network. 【CVE-2026-34197】Apache ActiveMQ Improper Input Validation Vulnerability (CVSS v3.1: 8.8) 【Ransomware Exploitation Status: Unknown】 Apache ActiveMQ contains an improper input validation vulnerability. An attacker may exploit this weakness to carry out code injection and further execute unauthorized commands on the system. (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] 【CVE-2009-0238】Please refer to the affected versions listed by the official vendor: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 【CVE-2026-32201】Please refer to the affected versions listed by the official vendor: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 【CVE-2026-34197】Please refer to the affected versions listed by the official vendor: https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt
[Recommended Actions] 【CVE-2009-0238】 The official vendor has released a security update to address this vulnerability. Please update to the relevant version. https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 【CVE-2026-32201】 The official vendor has released a security update to address this vulnerability. Please update to the relevant version. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 【CVE-2026-34197】 The official vendor has released a security update to address this vulnerability. Please update to the relevant version. https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt
[Reference]

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center