U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini January 27, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

  • CVE-2018-14634 Linux Kernel Integer Overflow Vulnerability
  • CVE-2025-52691 SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
  • CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
  • CVE-2026-23760 SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
  • CVE-2026-24061 GNU InetUtils Argument Injection Vulnerability

In September 2018, security researchers discovered an integer overflow vulnerability, tracked as CVE-2018-14634 (dubbed Mutagen Astronomy), in Linux Kernel that affects Red Hat, CentOS, and Debian distributions.

An unprivileged user can exploit the flaw to gain superuser access to the targeted system.

The flaw was discovered by researchers at security firm Qualys, which shared technical details of the Mutagen Astronomy vulnerability, including proof-of-concept (PoC) exploits (Exploit 1, Exploit 2).

The flaw affects kernel versions released between July 2007 and July 2017: Linux Kernel versions 2.6.x, 3.10.x and 4.14.x are vulnerable to the Mutagen Astronomy flaw.

The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 are not affected by the issue.

The Mutagen Astronomy vulnerability exists in the create_elf_tables() function in the Linux kernel, which is used to manage memory tables. Like other local privilege escalation issues, exploitation of this flaw requires access to the targeted system and the execution of exploit code that triggers a buffer overflow.

Once the attacker has triggered the buffer overflow, they can execute arbitrary code on the affected machine and take it over.

The second flaw added to the KEV catalog is CVE-2026-21509; this week, Microsoft released out-of-band security updates to address this actively exploited Office zero-day vulnerability.

The issue is a security feature bypass vulnerability that affects multiple Office versions, including Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, and Microsoft 365 Apps for Enterprise.

“Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally,” reads the advisory, which confirms that the issue is actively exploited in the wild. “An attacker must send a user a malicious Office file and convince them to open it.”

The update addresses a flaw that bypasses OLE security protections in Microsoft 365 and Office, exposing users to vulnerable COM/OLE controls.

Microsoft confirmed that the Office Preview Pane is not affected and cannot be used as an attack vector. However, the tech giant did not disclose technical details about the attacks exploiting this vulnerability.

The third flaw added to the catalog is a critical vulnerability, tracked as CVE-2026-24061 (CVSS score of 9.8), in the GNU InetUtils telnet daemon (telnetd) that impacts all versions from 1.9.3 to 2.7. The vulnerability can be exploited to gain root access on affected systems. Telnetd is a server implementing the DARPA Telnet protocol, typically launched by inetd to handle connections on the Telnet port, with options to run manually in debug mode or on alternate TCP ports.

The vulnerability was introduced as part of a source code commit made on March 19, 2015. The flaw remained undiscovered for nearly 11 years, posing long-standing security risks.

The remaining issues added to the catalog, tracked as CVE-2025-52691 and CVE-2026-23760, impact SmarterTools SmarterMail.

In December 2025, Singapore’s Cyber Security Agency (CSA) warned of a maximum severity flaw, tracked as CVE-2025-52691 (CVSS score of 10.0), in SmarterMail. The vulnerability enables unauthenticated remote code execution via arbitrary file upload.

“Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution,” reads CSA’s advisory.

SmarterMail is a commercial email server software developed by SmarterTools. It’s used by businesses, hosting providers, and ISPs to run their own mail servers instead of relying on cloud services like Microsoft 365 or Google Workspace.

The vulnerability impacts SmarterMail versions Build 9406 and earlier. CSA recommends that users and administrators of affected versions update to SmarterMail Build 9413 immediately.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by February 16, 2026.
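As an added example (not from the article, CISA, or any of the vendors named), the following Python script shows how a defender can triage a feed in the shape of CISA's KEV JSON against a local software inventory and compute the days left until each BOD 22-01 due date. The feed sample is constructed from the five CVE IDs and the February 16, 2026 due date given above; the inventory is made up, and only the feed fields the script reads are included.

```python
"""Match a CISA KEV-style feed against an inventory and report remediation deadlines."""
import json
from datetime import date

# Constructed sample in the shape of CISA's known_exploited_vulnerabilities.json
# (only the fields this script uses). CVE IDs and due date come from the advisory above.
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2018-14634", "vendorProject": "Linux", "product": "Kernel",
         "dueDate": "2026-02-16"},
        {"cveID": "CVE-2025-52691", "vendorProject": "SmarterTools", "product": "SmarterMail",
         "dueDate": "2026-02-16"},
        {"cveID": "CVE-2026-21509", "vendorProject": "Microsoft", "product": "Office",
         "dueDate": "2026-02-16"},
        {"cveID": "CVE-2026-23760", "vendorProject": "SmarterTools", "product": "SmarterMail",
         "dueDate": "2026-02-16"},
        {"cveID": "CVE-2026-24061", "vendorProject": "GNU", "product": "InetUtils",
         "dueDate": "2026-02-16"},
    ]
})

# Made-up inventory of (vendor, product) pairs an organization runs.
INVENTORY = [("SmarterTools", "SmarterMail"), ("gnu", "inetutils"), ("Cisco", "IOS XE")]


def load_kev(feed_json: str) -> list[dict]:
    """Parse the feed text and return its list of vulnerability entries."""
    return json.loads(feed_json)["vulnerabilities"]


def match_inventory(entries: list[dict], inventory, today: date) -> list[dict]:
    """Return KEV entries whose vendor/product pair appears in the inventory
    (case-insensitive), annotated with days until the due date; negative means overdue.
    Results are sorted so the most urgent entries come first."""
    wanted = {(v.lower(), p.lower()) for v, p in inventory}
    hits = []
    for entry in entries:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        if key in wanted:
            due = date.fromisoformat(entry["dueDate"])
            hits.append({"cveID": entry["cveID"], "product": entry["product"],
                         "dueDate": entry["dueDate"], "daysLeft": (due - today).days})
    return sorted(hits, key=lambda h: (h["daysLeft"], h["cveID"]))


def overdue(hits: list[dict]) -> list[str]:
    """CVE IDs whose due date has already passed."""
    return [h["cveID"] for h in hits if h["daysLeft"] < 0]


if __name__ == "__main__":
    for hit in match_inventory(load_kev(KEV_SAMPLE), INVENTORY, date.today()):
        print(f'{hit["cveID"]:15} {hit["product"]:12} due {hit["dueDate"]} ({hit["daysLeft"]} days)')
```

Point the script at the real feed by replacing KEV_SAMPLE with the downloaded JSON text; the field names used here are the ones CISA publishes.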

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)
