U.S. CISA Adds Google Dawn Vulnerability to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability in Google Dawn, tracked as CVE-2026-5281 with a CVSS score of 8.8, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is classified as a use-after-free issue in the Dawn component. No specific exploitation timeline, affected versions, or impacted systems were detailed beyond the inclusion in the KEV catalog. The action was taken by CISA, a U.S. federal agency, as part of its vulnerability management efforts. The vulnerability’s inclusion indicates active exploitation or significant risk.