Critical active threat
CVE-2026-3909 Google Skia Out-of-Bounds Write
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Google Skia Out-of-Bounds Write is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.