{"id":21770,"date":"2026-07-10T09:00:00","date_gmt":"2026-07-10T09:00:00","guid":{"rendered":"https:\/\/www.securitytoday.de\/?p=21770"},"modified":"2026-07-10T18:05:13","modified_gmt":"2026-07-10T18:05:13","slug":"four-gaps-in-the-kev-one-takes-cloud-key-away","status":"publish","type":"post","link":"https:\/\/www.securitytoday.de\/en\/2026\/07\/10\/four-gaps-in-the-kev-one-takes-cloud-key-away\/","title":{"rendered":"Four Gaps in the KEV \u2013 One Takes Cloud Key Away"},"content":{"rendered":"<p><strong>On July 7, the US agency CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog and gave its federal agencies just three days to patch them. Affected systems include Adobe ColdFusion, two Joomla frameworks, and Langflow-a tool for building AI agents. For German security teams, this list isn\u2019t just a US administrative act-it\u2019s a prioritization signal.<\/strong><\/p>\n<div style=\"background:#003340;color:#fff;padding:32px 36px;margin:32px 0;border-radius:8px;\">\n<p style=\"color:#69d8ed;text-transform:uppercase;letter-spacing:0.08em;font-size:0.82em;font-weight:700;margin:0 0 16px;\">Key Takeaways<\/p>\n<ul style=\"margin:0;padding-left:22px;color:rgba(255,255,255,0.92);line-height:1.6;\">\n<li style=\"margin-bottom:12px;\"><strong style=\"color:#69d8ed;\">Four in one day.<\/strong> CISA lists ColdFusion, Langflow, and two Joomla page builders as actively exploited; the patch deadline for US agencies expired on July 10.<\/li>\n<li style=\"margin-bottom:12px;\"><strong style=\"color:#69d8ed;\">Exploitation outweighs score.<\/strong> A KEV entry documents a real-world attack-stronger motivation to patch than a high CVSS score alone.<\/li>\n<li><strong style=\"color:#69d8ed;\">AI tools in the crosshairs.<\/strong> Langflow appears in the catalog for the second time. Attackers used the flaw to steal cloud and AI keys.<\/li>\n<\/ul>\n<\/div>\n<p style=\"border-top:1px solid rgba(230,227,218,0.14);border-bottom:1px solid rgba(230,227,218,0.14);padding:14px 0;margin:28px 0;font-size:0.92em;color:#b8c5ce;\"><strong style=\"color:#69d8ed;\">Related:<\/strong> <a href=\"https:\/\/www.securitytoday.de\/en\/2026\/05\/31\/type-confusion-in-chromes-v8-why-the-same-class-of-vulnerabilities-keeps\/\">Type Confusion in Chrome\u2019s V8: The Bug That Keeps Coming Back<\/a> &nbsp;\u00b7&nbsp; <a href=\"https:\/\/www.securitytoday.de\/en\/2026\/05\/06\/cpanel-whm-cve-2026-41940-bsi-warnung-dach-webhoster\/\">The Backdoor in Nearly Every German Web-Hosting Contract<\/a><\/p>\n<h2 style=\"margin-top:48px;margin-bottom:18px;\">Four Gaps, a Three-Day Deadline<\/h2>\n<p><strong>What is the CISA KEV catalog?<\/strong> The Known Exploited Vulnerabilities list highlights flaws for which the US agency CISA has confirmed real-world exploitation. Each entry signals an attack observed in the wild, backed by concrete incidents.<\/p>\n<p>Three of the four entries carry the maximum score of 10.0; the Langflow case sits at 9.9. In Adobe ColdFusion, a path-traversal flaw enables remote code execution-Adobe only released the patch on 30 June. Two Joomla extensions, SP Page Builder and Page Builder CK, can be hijacked without authentication via file upload. Yet one entry stands out.<\/p>\n<div data-element=\"comparison_table\" style=\"overflow-x:auto;-webkit-overflow-scrolling:touch;margin:28px 0;\">\n<table style=\"width:100%;min-width:640px;border-collapse:collapse;font-size:0.92em;\">\n<thead>\n<tr style=\"border-bottom:2px solid #69d8ed;\">\n<th style=\"text-align:left;padding:12px 14px;color:#e6e3da;\">Product<\/th>\n<th style=\"text-align:left;padding:12px 14px;color:#e6e3da;\">CVE<\/th>\n<th style=\"text-align:left;padding:12px 14px;color:#e6e3da;\">CVSS<\/th>\n<th style=\"text-align:left;padding:12px 14px;color:#e6e3da;\">Vulnerability<\/th>\n<th style=\"text-align:left;padding:12px 14px;color:#e6e3da;\">Fixed in Version<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr style=\"border-bottom:1px solid rgba(230,227,218,0.12);\">\n<td style=\"padding:11px 14px;color:#e6e3da;\">Adobe ColdFusion<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">CVE-2026-48282<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">10.0<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">Path Traversal, Code Execution<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">2025 Update 10 \/ 2023 Update 21<\/td>\n<\/tr>\n<tr style=\"border-bottom:1px solid rgba(230,227,218,0.12);\">\n<td style=\"padding:11px 14px;color:#e6e3da;\">Langflow<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">CVE-2026-55255<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">9.9<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">Cross-Tenant Access (IDOR)<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">1.9.1<\/td>\n<\/tr>\n<tr style=\"border-bottom:1px solid rgba(230,227,218,0.12);\">\n<td style=\"padding:11px 14px;color:#e6e3da;\">SP Page Builder<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">CVE-2026-48908<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">10.0<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">Unauthenticated File Upload, RCE<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">6.6.2<\/td>\n<\/tr>\n<tr style=\"\">\n<td style=\"padding:11px 14px;color:#e6e3da;\">Page Builder CK<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">CVE-2026-56290<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">10.0<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">Unauthenticated File Upload, RCE<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">3.6.0<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p>The tight deadline is no accident. Since directive BOD 26-04, CISA has prioritized risk over fixed time windows. When attack surface, KEV status and technical impact align, the window shrinks to three days. German firms aren\u2019t legally bound by the deadline, yet the signal-showing which gaps are actively exploited-still matters.<\/p>\n<h2 style=\"margin-top:48px;margin-bottom:18px;\">Why an AI Building Kit in the Crosshairs<\/h2>\n<p>Langflow is an open-source tool that lets teams click together LLM workflows and AI agents. Such instances often run self-hosted in development, stuffed with real credentials. That\u2019s precisely what makes them valuable targets.<\/p>\n<p>CVE-2026-55255 is an inter-tenant access flaw. An attacker executes workflows under a foreign flow ID, gaining access to resources they don\u2019t own. Researchers at Sysdig watched attackers leverage this route to exfiltrate stored keys via prompt: OpenAI, Anthropic and AWS tokens ended up outside. A hijacked dev tool thus becomes a launchpad straight into the cloud.<\/p>\n<p>What\u2019s striking is the repeat. Back in March, Langflow appeared again with another critical entry. Two strikes in a few months reveal a pattern: AI dev tools are becoming their own attack surface, frequently installed outside the security team\u2019s line of sight.<\/p>\n<h2 style=\"margin-top:48px;margin-bottom:18px;\">What the entry means for German teams<\/h2>\n<p>Formally, the CISA deadline only applies to US federal agencies. In practice, however, many German teams have long treated the KEV catalog as an early-warning system. It answers the question that internal scoring models leave open: Which vulnerability is currently being exploited in the wild?<\/p>\n<p>This question carries weight because the gap between attack and response is widening. Why a high CVSS score alone doesn\u2019t determine priority has been covered in detail <a href=\"https:\/\/www.securitytoday.de\/en\/2026\/06\/04\/patch-prioritization-cvss-overwhelming-soc\/\">elsewhere<\/a>. Here, the practical point matters: a KEV entry turns a \u201cshould-fix\u201d into a \u201cmust-fix.\u201d<\/p>\n<div data-element=\"stat_row\" style=\"display:flex;flex-wrap:wrap;gap:16px;margin:32px 0;\">\n<div style=\"flex:1 1 200px;min-width:0;background:#003340;border:1px solid rgba(105,216,237,0.28);border-radius:10px;padding:22px 20px;box-sizing:border-box;\">\n<div style=\"font-size:2.1em;font-weight:800;color:#69d8ed;line-height:1.1;word-break:keep-all;\">119<\/div>\n<p style=\"margin:10px 0 0;font-size:0.88em;color:#e6e3da;line-height:1.5;\">new vulnerabilities registered by BSI per day, up 24 percent<\/p>\n<\/div>\n<div style=\"flex:1 1 200px;min-width:0;background:#003340;border:1px solid rgba(105,216,237,0.28);border-radius:10px;padding:22px 20px;box-sizing:border-box;\">\n<div style=\"font-size:1.7em;font-weight:800;color:#69d8ed;line-height:1.1;word-break:keep-all;\">43 days<\/div>\n<p style=\"margin:10px 0 0;font-size:0.88em;color:#e6e3da;line-height:1.5;\">median time to patch, up from 32 (Verizon DBIR 2026)<\/p>\n<\/div>\n<div style=\"flex:1 1 200px;min-width:0;background:#003340;border:1px solid rgba(105,216,237,0.28);border-radius:10px;padding:22px 20px;box-sizing:border-box;\">\n<div style=\"font-size:2.1em;font-weight:800;color:#69d8ed;line-height:1.1;word-break:keep-all;\">31 %<\/div>\n<p style=\"margin:10px 0 0;font-size:0.88em;color:#e6e3da;line-height:1.5;\">of security incidents begin with an exploited vulnerability (Verizon DBIR 2026)<\/p>\n<\/div>\n<\/div>\n<p>When you weigh 119 new vulnerabilities per day against a 43-day patch cycle, you can\u2019t close everything at once. The KEV catalog provides the tie-breaking rule.<\/p>\n<h2 style=\"margin-top:48px;margin-bottom:18px;\">Setting the priority in your own environment<\/h2>\n<p>The first step is unglamorous yet critical: know what\u2019s running. Without an up-to-date asset inventory, every KEV alert remains abstract.<\/p>\n<div data-element=\"checklist\" style=\"background:#23261f;border:1px solid rgba(105,216,237,0.22);border-radius:10px;padding:22px 24px;margin:32px 0;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 2px 10px rgba(0,0,0,0.22);\">\n<p style=\"margin:0 0 12px;font-family:'IBM Plex Mono',ui-monospace,SFMono-Regular,monospace;font-size:0.72em;letter-spacing:0.12em;text-transform:uppercase;color:#69d8ed;\">Check immediately<\/p>\n<ul style=\"margin:0;padding-left:0;list-style:none;\">\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Cross-check inventory: Is ColdFusion, Langflow, or either of the two Joomla extensions running in your environment? Which versions?<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Apply patches: ColdFusion 2025 Update 10 or 2023 Update 21, Langflow 1.9.1, SP Page Builder 6.6.2, Page Builder CK 3.6.0.<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>For Langflow, rotate every stored credential: OpenAI, Anthropic, AWS keys, and database secrets.<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Inspect logs: unexpected upload calls in Joomla, foreign flow executions in Langflow.<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Treat publicly exposed instances first, internal systems afterward.<\/li>\n<\/ul>\n<\/div>\n<p>With Langflow, the patch isn\u2019t enough. If you had the affected version in production, assume credentials have already leaked. Rotating keys is part of the remediation, not a later maintenance task.<\/p>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Frequently Asked Questions<\/h2>\n<p class=\"st-faq-hint\">Each question is locked. Clicking it unlocks the answer.<\/p>\n<details>\n<summary><strong>What does inclusion in the KEV catalog mean?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">CISA only lists a vulnerability when active exploitation has been confirmed. The entry represents a verified in-the-wild attack, not a theoretical risk-distinct from a plain CVSS score.<\/p>\n<\/details>\n<details>\n<summary><strong>Does the CISA deadline also apply to German companies?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Legally, no. The deadline only binds U.S. federal agencies. Many German security teams, however, treat the catalog as an early-warning signal because it highlights which gaps are actively being exploited.<\/p>\n<\/details>\n<details>\n<summary><strong>Which of the four vulnerabilities is the most urgent?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">That depends on your own inventory. Publicly reachable ColdFusion servers and unprotected Joomla sites are immediately exposed. Langflow deserves extra attention because exposed credentials may already have leaked, so patching alone isn\u2019t enough.<\/p>\n<\/details>\n<details>\n<summary><strong>Why is Langflow particularly risky?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">The tool often stores real AI and cloud access keys and frequently runs outside official IT oversight. The flaw lets attackers extract those keys, opening a path into connected cloud environments.<\/p>\n<\/details>\n<details>\n<summary><strong>Is applying the patches sufficient?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">For ColdFusion and the Joomla extensions, the patch closes the gap. With Langflow, you must also rotate every stored credential because those keys may already be compromised.<\/p>\n<\/details>\n<h3 style=\"margin:48px 0 18px;padding-left:12px;font-size:1.05em;font-weight:800;color:#e6e3da;border-left:3px solid #69d8ed;line-height:1.2;\">Editor\u2019s Reading Picks<\/h3>\n<p><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/05\/29\/the-token-that-bypasses-mfa-why-oauth-theft-is-the-new-entry-point\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/06\/oauth-token-diebstahl-mfa-umgehung-device-code-saas-soc-cover-hero-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#69d8ed;margin-bottom:5px;\">Reading Tip<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">OAuth Token Theft: How Attackers Bypass MFA<\/span><\/span><\/a><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/05\/14\/ivanti-connect-secure-back-on-the-cisa-kev-third-incident-in-18-months\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/05\/ivanti-connect-secure-cisa-kev-vpn-initial-access-2026-cover-hero-2-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#69d8ed;margin-bottom:5px;\">Reading Tip<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">Ivanti Connect Secure Back in CISA KEV: Third Incident in 18 Months<\/span><\/span><\/a><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/06\/22\/the-splunk-vulnerability-that-deletes-log-files-without-authentication\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/06\/cover-hero-11-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#69d8ed;margin-bottom:5px;\">Reading Tip<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">The Splunk Flaw That Wipes Files Without a Login<\/span><\/span><\/a><\/p>\n<h3 style=\"margin:48px 0 18px;padding-left:12px;font-size:1.05em;font-weight:800;color:#e6e3da;border-left:3px solid #69d8ed;line-height:1.2;\">More from the MBF Media Network<\/h3>\n<p><a href=\"https:\/\/www.cloudmagazin.com\/2026\/07\/08\/ki-modell-denken-anthropic-j-space\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/net-ki-modell-denken-anthropic-j-space-86585047.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#0bb7fd;margin-bottom:5px;\">cloudmagazin<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">For the first time ever, you can watch an AI think<\/span><\/span><\/a><a href=\"https:\/\/mybusinessfuture.com\/gtia-mitgliedschaft-hersteller-partnernetzwerk\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/net-gtia-mitgliedschaft-hersteller-partnerne-97163278-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#aa8ac2;margin-bottom:5px;\">MyBusinessFuture<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">For manufacturers who want more \u2013 How a GTIA membership strengthens your entire partner network<\/span><\/span><\/a><a href=\"https:\/\/www.digital-chiefs.de\/konglomerat-holding-aumovio-tkms-siemens-it-carve-out-2026\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/net-konglomerat-holding-aumovio-tkms-siemens-42852037-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#e8828d;margin-bottom:5px;\">Digital Chiefs<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">The IT department decides whether the spin-off pays off<\/span><\/span><\/a><\/p>\n<p style=\"font-style:italic;text-align:right;font-size:0.85em;color:#888;margin-top:8px;\">Image source: AI-generated (July 2026)<\/p>\n","protected":false},"excerpt":{"rendered":"CISA has added four actively exploited vulnerabilities to the KEV catalog, including ColdFusion and Langflow. Here\u2019s why this matters for German teams.","protected":false},"author":10,"featured_media":21766,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_yoast_wpseo_focuskw":"CISA takes several actions","_yoast_wpseo_title":"Four Gaps in the KEV \u2013 One Takes Cloud Key Away","_yoast_wpseo_metadesc":"CISA adds 4 exploited vulnerabilities to KEV, including ColdFusion & Langflow. Why this matters for German teams.","_yoast_wpseo_meta-robots-noindex":"","_yoast_wpseo_meta-robots-nofollow":"","_yoast_wpseo_meta-robots-adv":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-title":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/vier-luecken-im-kev-eine-zieht-cloud-schluessel-ab-cover-hero.jpg","_yoast_wpseo_opengraph-image-id":0,"_yoast_wpseo_twitter-title":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/vier-luecken-im-kev-eine-zieht-cloud-schluessel-ab-cover-hero.jpg","_yoast_wpseo_twitter-image-id":0,"evm_cvss":0,"evm_risk":0,"evm_casefile":"","evm_primary_cve":"","_evm_translation_lang":"","featured_post":0,"featured_post_sortierung":0,"_wp_old_slug":[],"footnotes":""},"categories":[254],"tags":[],"class_list":["post-21770","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-praxis-umsetzung"],"evm_reading_time_minutes":6,"wpml_language":"en","wpml_translation_of":21765,"_links":{"self":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/21770","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/comments?post=21770"}],"version-history":[{"count":1,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/21770\/revisions"}],"predecessor-version":[{"id":21771,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/21770\/revisions\/21771"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media\/21766"}],"wp:attachment":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media?parent=21770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/categories?post=21770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/tags?post=21770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}