CISA Introduces New Form for Reporting Known Exploited Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) launched a new nomination form allowing researchers, vendors, and industry partners to report known exploited vulnerabilities for potential inclusion in its Known Exploited Vulnerabilities (KEV) catalog. The form provides an additional submission method alongside the existing email option (vulnerability@cisa.dhs.gov). The initiative aims to streamline collaboration with external contributors identifying exploited vulnerabilities. No specific technical details, dates, or CVE IDs were mentioned in the announcement. The reporting mechanism is available to organizations and individuals in the U.S. government’s cybersecurity ecosystem.