Is CVE-2026-10520 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-10520 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-10520

Binding Operational Directive 26-04 replaces the old 30-day patch window with risk-based timelines. Publicly exposed, auto-exploitable vulnerabilities in the KEV catalog get a 3-day deadline. The directive cites AI-accelerated exploitation as the reason. WordPress sites with 18,210 CVEs just became a compliance crisis.

2026

What WebPulse reported · 1 analysis

CISA's New Directive: 3 Days to Patch the Worst Vulnerabilities. Not 30. Not 14. Three.

Binding Operational Directive 26-04 replaces the old 30-day patch window with risk-based timelines. Publicly exposed, auto-exploitable vulnerabilities in the KE

June 16, 2026

View CVE-2026-10520 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657