CISA Launches New Tool for Reporting Cyber Vulnerabilities

Banner for the Cybersecurity and Infrastructure Security Agency featuring a globe and digital network motifs.

05/21/2026 11:00 AM EDT

CISA has released a new Known Exploited Vulnerability (KEV) Nomination Form to make it even easier for organizations to report on vulnerabilities that meet the criteria for potential inclusion in the KEV Catalog. CISA maintains the catalog, an authoritative source of vulnerabilities that have been exploited in the wild, in support of network defenders and the cybersecurity community. 
 
The new form is a secure, web-based tool that will improve CISA’s ability to intake and analyze reported vulnerabilities and ensure we continue to help organizations effectively keep pace with threat activity. Vulnerabilities submitted for potential addition to the catalog must have a Common Vulnerabilities and Exposures (CVE) ID, evidence of exploitation, and clear mitigation guidance. 

Learn more about the criteria for KEV catalog submissions and CISA’s efforts to reduce KEV-related risk.