Regulatory tracker · agency
CISA medical device cybersecurity updates
Cybersecurity and Infrastructure Security Agency
CISA advisories, Known Exploited Vulnerabilities, and ICS bulletins that name medical device components, libraries, or vendors.
-
Apr 22, 2026·KEV updateActiveHigh impact
CISA adds Linux kernel netfilter use-after-free to KEV (CVE-2026-0511)
A use-after-free in Linux kernel netfilter (CVE-2026-0511) was added to the Known Exploited Vulnerabilities catalog, affecting many embedded Linux device platforms.
Read details -
Apr 15, 2026·KEV updateActiveHigh impact
CISA adds widely embedded BLE pairing bypass to the KEV
CISA added a BLE pairing bypass affecting an embedded Bluetooth stack used across consumer and medical wearables to the Known Exploited Vulnerabilities catalog.
Read details -
Oct 21, 2025·Pledge expansionActiveMedium impact
CISA Secure by Design pledge expanded with VEX publication expectation
CISA expanded the Secure by Design pledge so signatories are expected to publish VEX statements alongside SBOMs for shipped products.
Read details
Other agencies in the tracker
Ready when you are
Get FDA cleared without the cybersecurity headaches.
30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ FDA submissions.