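Indicators
🚨 Vulnerabilities to Address Right Now
This page combines the US CISA KEV catalog (vulnerabilities confirmed to be exploited in the wild) with JPCERT/CC alerts and ranks "the vulnerabilities with the highest remediation priority right now" by product group, focusing on products commonly used by companies in Japan. This page is based on data as of 2026-06-30.
Top 5 vulnerabilities currently being used in attacks
Urgency ranking by product group. For details on how the score is composed, see "About this indicator" at the bottom.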
- #1
Microsoft Exchange family
Many organizations still have not finished migrating off on-premises Exchange Server. A starting point for targeted attacks.
KEV entries: 17 🦠 Ransomware use: 13 Latest addition: 2026-04-13
Main CVEs (top 3)
CVE-2023-21529 Microsoft Exchange Server
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
Added 2026-04-13 🦠 Ransomware use CISA due date: 2026-04-27
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2022-41080 Microsoft Exchange Server
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.
Added 2023-01-10 🦠 Ransomware use CISA due date: 2023-01-31
Action: Apply updates per vendor instructions.
CVE-2022-41082 Microsoft Exchange Server
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.
Added 2022-09-30 🦠 Ransomware use CISA due date: 2022-10-21
Action: Apply updates per vendor instructions.
- #2
Microsoft Windows / Office family
The OS and office-software foundation of PCs in Japan. Covered by the monthly patch cycle.
KEV entries: 221 🦠 Ransomware use: 59 🇯🇵 JPCERT/CC alerts: 1 Latest addition: 2026-04-28
Main CVEs (top 3)
CVE-2026-32201 Microsoft SharePoint Server
Microsoft SharePoint Server Improper Input Validation Vulnerability
Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2025-49704 Microsoft SharePoint
Microsoft SharePoint Code Injection Vulnerability
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
Added 2025-07-22 🦠 Ransomware use CISA due date: 2025-07-23
Action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
CVE-2025-49706 Microsoft SharePoint
Microsoft SharePoint Improper Authentication Vulnerability
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successful exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. CVE-2025-53771 is a patch bypass for CVE-2025-49706, and the updates for CVE-2025-53771 include more robust protection than those for CVE-2025-49706.
Added 2025-07-22 🦠 Ransomware use CISA due date: 2025-07-23
Action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- #3
Ivanti family
Remote-access VPN and MDM. In Japan, products descended from Pulse Secure remain widely deployed.
KEV entries: 38 🦠 Ransomware use: 14 Latest addition: 2026-05-07
Main CVEs (top 3)
CVE-2025-22457 Ivanti Connect Secure, Policy Secure, and ZTA Gateways
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.
Added 2025-04-04 🦠 Ransomware use CISA due date: 2025-04-11
Action: Apply mitigations as set forth in the CISA instructions linked below.
CVE-2025-0282 Ivanti Connect Secure, Policy Secure, and ZTA Gateways
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.
Added 2025-01-08 🦠 Ransomware use CISA due date: 2025-01-15
Action: Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.
CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA)
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).
Added 2024-03-25 🦠 Ransomware use CISA due date: 2024-04-15
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- #4
Palo Alto Networks family
Next-generation firewall / GlobalProtect VPN. Sits at the perimeter of large enterprises.
KEV entries: 14 🦠 Ransomware use: 5 Latest addition: 2026-05-06
Main CVEs (top 3)
CVE-2024-9474 Palo Alto Networks PAN-OS
Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.
Added 2024-11-18 🦠 Ransomware use CISA due date: 2024-12-09
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.
CVE-2024-0012 Palo Alto Networks PAN-OS
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.
Added 2024-11-18 🦠 Ransomware use CISA due date: 2024-12-09
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.
CVE-2024-3400 Palo Alto Networks PAN-OS
Palo Alto Networks PAN-OS Command Injection Vulnerability
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.
Added 2024-04-12 🦠 Ransomware use CISA due date: 2024-04-19
Action: Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.
- #5
Cisco family
ASA/FTD/IOS and others: long-standing core devices in enterprise networks.
KEV entries: 87 🦠 Ransomware use: 4 🇯🇵 JPCERT/CC alerts: 2 Latest addition: 2026-04-20
Main CVEs (top 3)
CVE-2026-20131 Cisco Secure Firewall Management Center (FMC)
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
Added 2026-03-19 🦠 Ransomware use CISA due date: 2026-03-22
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2020-3259 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Cisco ASA and FTD Information Disclosure Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. This vulnerability affects only specific AnyConnect and WebVPN configurations.
Added 2024-02-15 🦠 Ransomware use CISA due date: 2024-03-07
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2023-20269 Cisco Adaptive Security Appliance and Firepower Threat Defense
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user.
Added 2023-09-13 🦠 Ransomware use CISA due date: 2023-10-04
Action: Apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins or discontinue use of the product for unsupported devices.
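Monthly additions to the CISA KEV catalog (last 24 months)
* The number of CVEs per month that US CISA judged to be "confirmed exploited" and listed in the catalog. Read it as an indicator of the pace at which actually exploited vulnerabilities are being found (not the total volume of discoveries).
Recent JPCERT/CC alerts
Warnings issued by Japan's public CSIRT. When an alert title contains a CVE ID, it is reflected in the scores of the ranking above.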
- CVE-2026-32661
- CVE-2025-20333 / CVE-2025-20362
- CVE-2026-32201
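About this indicator
The CISA KEV catalog lists only vulnerabilities "whose exploitation has been confirmed by US federal government agencies." Even when a vulnerability is actually being exploited, it can take several days to several weeks before it appears in the catalog, and vulnerabilities in Japan-specific products (Cybozu and the like) or those used only in a limited way in targeted attacks tend not to be captured.
This ranking shows "vulnerabilities whose exploitation has been publicly confirmed and that also have a high remediation priority in Japan"; it does not cover every urgent patch. Please also check the individual advisories from each vendor.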
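How the ranking works
Each KEV entry is scored as the sum of the points below, and product groups are ordered from the highest total of their top 3 CVE scores.
- Base 100 points (listed in KEV = exploitation confirmed)
- Published within 7 days +50 / within 30 days +30 / within 90 days +10
- Exploitation by ransomware confirmed +30 (the knownRansomwareCampaignUse flag in KEV)
- JPCERT/CC has issued an alert +25
- Assumed to be in use in Japan (Fortinet, Ivanti, Cisco, Microsoft Exchange, etc.) +20; other major overseas products +10
* Product groups are defined in src/lib/vendorGroups.ts. They mainly bundle perimeter and infrastructure products with high deployment rates in mid-sized and larger organizations in Japan, such as VPN/FW/groupware/CMS/NAS.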
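The scoring rule above, as an added TypeScript example (not the site's own code, which this page does not show). All field names except `knownRansomwareCampaignUse`, the use of the KEV add date for the recency bonus, and the sample records are assumptions.

```typescript
// Added example: records and field names (except knownRansomwareCampaignUse) are constructed.
interface KevEntry {
  cveID: string;
  group: string;                      // product group label
  dateAdded: string;                  // YYYY-MM-DD; assumed basis for the recency bonus
  knownRansomwareCampaignUse: string; // "Known" or "Unknown"
  jpcertAlert: boolean;               // assumed: CVE ID found in a JPCERT/CC alert title
  domestic: boolean;                  // assumed: group is on the +20 "in use in Japan" list
}

const DAY_MS = 24 * 60 * 60 * 1000;

function scoreEntry(e: KevEntry, asOf: string): number {
  const ageDays = Math.max(0, Math.floor((Date.parse(asOf) - Date.parse(e.dateAdded)) / DAY_MS));
  let score = 100;                       // base: listed in KEV
  if (ageDays <= 7) score += 50;         // recency tiers are mutually exclusive
  else if (ageDays <= 30) score += 30;
  else if (ageDays <= 90) score += 10;
  if (e.knownRansomwareCampaignUse === "Known") score += 30;
  if (e.jpcertAlert) score += 25;
  score += e.domestic ? 20 : 10;
  return score;
}

function rankGroups(entries: KevEntry[], asOf: string): { group: string; score: number }[] {
  const byGroup: Record<string, number[]> = {};
  for (const e of entries) {
    (byGroup[e.group] = byGroup[e.group] || []).push(scoreEntry(e, asOf));
  }
  return Object.keys(byGroup)
    .map((group) => ({
      group,
      // Only the three highest scores count, so a long tail of old entries adds nothing.
      score: (byGroup[group] || []).sort((a, b) => b - a).slice(0, 3).reduce((s, x) => s + x, 0),
    }))
    .sort((a, b) => b.score - a.score);
}

// Constructed sample data (not real KEV records).
const SAMPLE: KevEntry[] = [
  { cveID: "SAMPLE-0001", group: "vpn-a", dateAdded: "2026-05-10", knownRansomwareCampaignUse: "Known", jpcertAlert: false, domestic: true },
  { cveID: "SAMPLE-0002", group: "vpn-a", dateAdded: "2026-04-20", knownRansomwareCampaignUse: "Unknown", jpcertAlert: false, domestic: true },
  { cveID: "SAMPLE-0003", group: "vpn-a", dateAdded: "2025-01-08", knownRansomwareCampaignUse: "Known", jpcertAlert: false, domestic: true },
  { cveID: "SAMPLE-0004", group: "vpn-a", dateAdded: "2024-01-01", knownRansomwareCampaignUse: "Unknown", jpcertAlert: false, domestic: true },
  { cveID: "SAMPLE-0005", group: "office-b", dateAdded: "2026-03-01", knownRansomwareCampaignUse: "Unknown", jpcertAlert: true, domestic: true },
  { cveID: "SAMPLE-0006", group: "office-b", dateAdded: "2023-01-01", knownRansomwareCampaignUse: "Known", jpcertAlert: false, domestic: true },
  { cveID: "SAMPLE-0007", group: "other-c", dateAdded: "2026-05-13", knownRansomwareCampaignUse: "Known", jpcertAlert: true, domestic: false },
];
console.log(rankGroups(SAMPLE, "2026-05-14"));
```

Because only the top three scores per group are summed, a group with hundreds of old KEV entries cannot outrank one with a few recent, ransomware-linked entries on volume alone.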
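Why look at it by product group
With a single CVE on its own, it is often hard to judge "whether this concerns our organization," but at the granularity of "how many KEV entries have recently come out for Fortinet products," you can tell immediately whether you are affected or not.
In particular, VPNs, firewalls, mail servers and groupware stay in use for years once you are locked in to a vendor, so the signal "that product group has had a run of dangerous CVEs lately" translates directly into a risk judgment.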
Source: CISA Known Exploited Vulnerabilities Catalog (catalog version: 2026.05.13)
Source: JPCERT/CC alerts (RSS: jpcert.rdf)
Last updated: 2026-05-14 (KEV) / 2026-05-14 (JPCERT/CC)