【Vulnerability Alert】CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2026/04/14-2026/04/19)

• Subject: 【Vulnerability Alert】CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2026/04/14-2026/04/19)

• Description:
  • Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert: TWCERTCC-200-202604-00000022
  • 【CVE-2009-0238】Microsoft Office Remote Code Execution (CVSS v3.1: 8.8)
  • 【Ransomware Exploitation: Unknown】 A remote code execution vulnerability exists in Microsoft Office Excel. If a user opens a specially crafted Excel file containing abnormal objects, an attacker could gain complete control over the affected system.
  • 【CVE-2026-32201】Microsoft SharePoint Server Improper Input Validation Vulnerability (CVSS v3.1: 6.5)
  • 【Ransomware Exploitation: Unknown】 An improper input validation vulnerability exists in Microsoft SharePoint Server, which may allow an unauthorized attacker to perform spoofing attacks over the network.
  • 【CVE-2026-34197】Apache ActiveMQ Improper Input Validation Vulnerability (CVSS v3.1: 8.8)
  • 【Ransomware Exploitation: Unknown】 An improper input validation vulnerability exists in Apache ActiveMQ. An attacker could exploit this weakness to perform code injection and execute unauthorized commands on the system.
• Affected Platforms:
  • 【CVE-2009-0238】 Please refer to the affected versions listed by the official source: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009
  • 【CVE-2026-32201】 Please refer to the affected versions listed by the official source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
  • 【CVE-2026-34197】 Please refer to the affected versions listed by the official source: https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt
• Recommended Actions:
  • 【CVE-2009-0238】 The official fix update has been released; please update to the relevant version:
  • https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009
  • 【CVE-2026-32201】 The official fix update has been released; please update to the relevant version:
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
  • 【CVE-2026-34197】 The official fix update has been released; please update to the relevant version:
  • https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt

Computer and Communication Center
Network Systems Division