Severity: CRITICAL - Active Exploitation Confirmed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six newly confirmed vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active, in-the-wild exploitation. The affected products - Fortinet firewalls, Microsoft software, and Adobe Acrobat - are among the most widely deployed enterprise tools across East African government ministries, commercial banks, and telecommunications providers.

These are not theoretical risks. CISA's KEV catalog lists only vulnerabilities with confirmed, real-world exploitation. If your organization runs any of these products and has not applied patches, you are operating with an open door.

The Threat

The six vulnerabilities span a dangerous range of attack types:

  • CVE-2026-21643 (CVSS 9.1) - SQL injection vulnerability allowing attackers to read, modify, or delete database contents without authentication.
  • CVE-2020-9715 (Adobe Acrobat) - A use-after-free flaw in Adobe Acrobat, actively re-exploited via malicious PDF files distributed through phishing emails.
  • CVE-2012-1854 (Microsoft Visual Basic for Applications) - An insecure library loading flaw that enables privilege escalation on Windows systems - still being exploited in 2025 despite being over a decade old.
  • Additional Fortinet and Microsoft flaws with CVSS scores above 8.0, enabling remote code execution and credential theft.

The inclusion of a 2012-era Microsoft vulnerability is a stark warning: threat actors are actively scanning for and targeting organizations running unpatched legacy systems - a profile that matches many institutions across Kenya, Ethiopia, and Somalia.

Impact Assessment for East Africa

Financial institutions across Kenya and Ethiopia that rely on Fortinet network perimeter defenses face the most immediate risk. A compromised Fortinet appliance gives an attacker a foothold inside the core network - bypassing all internal controls. Under CBK Cybersecurity Guidelines and the National Bank of Ethiopia's IT directives, a breach originating from an unpatched, known vulnerability constitutes a reportable compliance failure with potential licensing consequences.

Government ministries and GovTech agencies using Microsoft enterprise environments - including those processing citizen data under Kenya's Data Protection Act 2019 - are exposed to the SQL injection and privilege escalation vectors. An attacker gaining database access could exfiltrate national ID records, procurement data, or financial system credentials.

Adobe Acrobat exploitation is especially relevant in regional contexts where PDF remains the dominant document format for contracts, tenders, and inter-agency communications. A single malicious PDF opened by a finance officer or procurement manager is enough to initiate a full compromise chain.

Immediate Actions - Do These Now

  • Audit your Fortinet, Microsoft, and Adobe deployments immediately. Cross-reference your installed versions against the CISA KEV catalog entries for CVE-2026-21643, CVE-2020-9715, and CVE-2012-1854.
  • Apply all available vendor patches within 24-48 hours. U.S. federal agencies are mandated by CISA to patch within 72 hours. Apply the same urgency to your organization regardless of sector.
  • Disable or isolate unpatched systems that cannot be immediately updated - particularly legacy Windows environments running older VBA-enabled Office suites.
  • Block and inspect all inbound PDF attachments at your email gateway until Adobe Acrobat patches are confirmed deployed across all endpoints.
  • Review firewall and network perimeter logs for the past 30 days for anomalous outbound connections, lateral movement, or unusual authentication attempts - signs of a compromise that may already be in progress.
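
The cross-reference in the first action above can be scripted. This Python example is added here and is not DRONGO's or CISA's code: it matches a vulnerability scanner export against a local copy of the KEV catalog and also reports advisory CVEs missing from that copy. The catalog sample, its dates, the host names and the findings format are constructed assumptions.

```python
import json
from datetime import date

# CVE IDs named in this advisory.
WATCHED = ["CVE-2026-21643", "CVE-2020-9715", "CVE-2012-1854"]

# Constructed sample laid out like CISA's KEV JSON feed. Field names follow the
# feed; the dates are made up. CVE-2026-21643 is left out on purpose to show
# what a stale local copy looks like.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2020-9715", "product": "Acrobat", "dueDate": "2030-01-20"},
  {"cveID": "CVE-2012-1854", "product": "Visual Basic for Applications", "dueDate": "2030-01-10"}
]}
""")

# Constructed scanner export, one row per (host, CVE) finding. Hypothetical format.
FINDINGS = [
    {"host": "host-a", "cve": "cve-2020-9715 ", "patched": False},
    {"host": "host-b", "cve": "CVE-2012-1854", "patched": False},
    {"host": "host-c", "cve": "CVE-2012-1854", "patched": True},
    {"host": "host-d", "cve": "CVE-0000-0000", "patched": False},  # placeholder, not in KEV
]


def missing_from_catalog(catalog, watched):
    """Watched CVEs absent from this catalog copy: a sign the local copy is stale."""
    listed = {v["cveID"].upper() for v in catalog.get("vulnerabilities", [])}
    return [c for c in watched if c.upper() not in listed]


def kev_exposure(catalog, findings, today):
    """Unpatched findings whose CVE is KEV-listed, earliest due date first."""
    kev = {v["cveID"].upper(): v for v in catalog.get("vulnerabilities", [])}
    hits = []
    for f in findings:
        cve = f["cve"].strip().upper()  # scanners differ in case and padding
        entry = kev.get(cve)
        if entry is None or f.get("patched"):
            continue
        due = date.fromisoformat(entry["dueDate"])
        hits.append({"host": f["host"], "cve": cve, "product": entry["product"],
                     "due": due.isoformat(), "overdue": today > due})
    return sorted(hits, key=lambda h: (h["due"], h["host"]))


if __name__ == "__main__":
    today = date(2030, 1, 15)  # fixed date so the sample output is repeatable
    print("not in catalog copy:", missing_from_catalog(KEV_SAMPLE, WATCHED))
    for hit in kev_exposure(KEV_SAMPLE, FINDINGS, today):
        print(hit)
```

A non-empty "not in catalog copy" result means the local catalog file should be refreshed before the exposure list is trusted.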

DRONGO Recommendation

Organizations in East Africa often lack the internal capacity to track KEV updates, validate patch status across distributed environments, and correlate logs for signs of active compromise. DRONGO's Managed SOC and Vulnerability Management services provide continuous monitoring tied directly to threat intelligence feeds including the CISA KEV catalog - so your team is never the last to know.
