You are currently viewing CISA Adds Plex and XStream Vulnerabilities to KEV List

CISA Adds Plex and XStream Vulnerabilities to KEV List

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: a remote code execution flaw in Plex Media Server and a remote code execution flaw in XStream. Both have remediation due dates of March 31, 2023. Some reports have indicated that the breach of a LastPass engineer’s computer may have been conducted through a Plex vulnerability. More info https://www.cisa.gov/known-exploited-vulnerabilities-catalog