CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

CISA’s latest KEV update reflects a growing trend of government agencies cataloguing actively exploited vulnerabilities to drive coordinated remediation. By flagging two Apple kernel bugs, a WebKit memory‑corruption issue, a Craft CMS code‑injection flaw, and a Laravel Livewire remote‑execution bug, the agency signals that these weaknesses have moved beyond theoretical risk. Their CVSS ratings—ranging from 7.8 to a perfect 10—combined with publicly disclosed patches, create a clear deadline for federal IT teams to prioritize updates before the April 2026 cutoff.

The real‑world impact of these flaws is evident in the DarkSword exploit kit, which leverages the Apple vulnerabilities to deliver malware families such as GhostBlade and GhostSaber. Simultaneously, Iran‑aligned MuddyWater has weaponized the Laravel Livewire bug to infiltrate diplomatic and energy sectors, employing AI‑enhanced implants and sophisticated phishing infrastructure. These campaigns illustrate how quickly zero‑day exploits can be integrated into state‑sponsored toolchains, amplifying threats to critical infrastructure, finance, and maritime operations worldwide.

For enterprises and government entities alike, the advisory underscores the necessity of rapid patch deployment, continuous vulnerability scanning, and threat‑intel integration. Organizations should align patch cycles with CISA’s timeline, validate remediation through automated testing, and monitor for indicators of compromise linked to DarkSword and MuddyWater activity. Proactive measures—such as network segmentation, endpoint detection, and incident‑response rehearsals—will mitigate the risk of exploitation and preserve operational resilience in an increasingly hostile cyber landscape.