CISA added one actively exploited vulnerability to the KEV Catalog on 2026-05-22, but the specific CVE ID, affected vendor, and affected product were not resolvable from available source data. Direct review of the CISA advisory is required before exposure can be assessed. Federal Civilian Executive Branch agencies face a mandatory BOD 22-01 remediation deadline. All organizations should treat KEV additions as high-priority triage items.