
🎯 Basically, CISA added eight actively exploited flaws to its KEV catalog; federal agencies must patch the three Cisco Catalyst SD-WAN Manager bugs by April 23, 2026 and the other five by May 4, 2026.
What Happened
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added eight vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. A KEV listing means CISA has evidence the flaw is being exploited in the wild, not merely that it carries a high severity score, which is why these entries deserve priority over the rest of a patch backlog. Three of the eight affect Cisco Catalyst SD-WAN Manager, a product that typically sits at a privileged position in the network and so warrants the shortest remediation window.
The Vulnerabilities
Here’s a brief overview of the newly added vulnerabilities:
- CVE-2023-27351 (CVSS score: 8.2) - An improper authentication vulnerability in PaperCut NG/MF that allows attackers to bypass authentication.
- CVE-2024-27199 (CVSS score: 7.3) - A relative path traversal vulnerability in JetBrains TeamCity, enabling limited admin actions.
- CVE-2025-2749 (CVSS score: 7.2) - A path traversal vulnerability in Kentico Xperience, allowing unauthorized data uploads.
- CVE-2025-32975 (CVSS score: 10.0) - An improper authentication flaw in Quest KACE Systems Management Appliance, permitting user impersonation.
- CVE-2025-48700 (CVSS score: 6.1) - A cross-site scripting vulnerability in Synacor Zimbra Collaboration Suite, which can lead to unauthorized access to sensitive information.
- CVE-2026-20122 (CVSS score: 5.4) - An incorrect use of privileged APIs in Cisco Catalyst SD-WAN Manager, allowing file uploads and privilege escalation.
- CVE-2026-20128 (CVSS score: 7.5) - A vulnerability related to storing passwords in a recoverable format in Cisco Catalyst SD-WAN Manager.
- CVE-2026-20133 (CVSS score: 6.5) - An exposure of sensitive information vulnerability in Cisco Catalyst SD-WAN Manager.
Who's Affected
Federal Civilian Executive Branch (FCEB) agencies are bound by Binding Operational Directive 22-01 to remediate KEV entries by the due dates CISA sets. For this batch, the three Cisco Catalyst SD-WAN Manager vulnerabilities must be addressed by April 23, 2026 and the remaining five by May 4, 2026. The directive does not apply to private-sector organizations, but any organization running the affected products is exposed to the same active exploitation.
What You Should Do
Organizations, especially those within the federal sector, should prioritize patching these vulnerabilities. Here are some recommended actions:
Identify and patch
1. Check your asset inventory for the listed products and confirm whether the installed versions are affected, using the vendor advisories linked from each KEV entry.
2. Apply the vendor fixes as soon as they are available, starting with the Cisco Catalyst SD-WAN Manager hosts given their earlier deadline and network position.
Detect and follow up
3. Monitor the affected systems for signs of exploitation attempts, such as unexpected file uploads, new or modified privileged accounts, and logins from unfamiliar sources, especially on Cisco Catalyst SD-WAN Manager.
4. Track updates from CISA and the affected vendors, since KEV entries and advisories are revised as more is learned about the exploitation.
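The first two steps above amount to cross-referencing an asset inventory with the KEV feed and ordering the work by due date. The following Python script is an added example, not code from CISA or from the original article: it parses a constructed sample in the shape of CISA's KEV JSON feed (the eight CVEs and due dates come from this article; the `knownRansomwareCampaignUse` values are placeholders, and the inventory hostnames are invented), matches it against an inventory, and produces a patch plan with overdue entries flagged.

```python
"""Cross-reference an asset inventory with a CISA KEV feed and rank remediation by due date."""
import json
from datetime import date

# Constructed sample feed in the shape of CISA's public KEV JSON
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# CVE IDs, products and due dates follow the article; the "Unknown" ransomware
# flags are placeholders, not a claim about these vulnerabilities.
KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "count": 8,
    "vulnerabilities": [
        {"cveID": "CVE-2023-27351", "vendorProject": "PaperCut", "product": "PaperCut NG/MF",
         "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-27199", "vendorProject": "JetBrains", "product": "TeamCity",
         "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-2749", "vendorProject": "Kentico", "product": "Xperience",
         "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-32975", "vendorProject": "Quest", "product": "KACE Systems Management Appliance",
         "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-48700", "vendorProject": "Synacor", "product": "Zimbra Collaboration Suite",
         "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-20122", "vendorProject": "Cisco", "product": "Catalyst SD-WAN Manager",
         "dueDate": "2026-04-23", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-20128", "vendorProject": "Cisco", "product": "Catalyst SD-WAN Manager",
         "dueDate": "2026-04-23", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-20133", "vendorProject": "Cisco", "product": "Catalyst SD-WAN Manager",
         "dueDate": "2026-04-23", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed asset inventory; hostnames are invented for the example.
INVENTORY = [
    {"host": "sdwan-mgr-01.corp.example", "vendor": "Cisco", "product": "Catalyst SD-WAN Manager"},
    {"host": "sdwan-mgr-02.corp.example", "vendor": "cisco", "product": "catalyst  sd-wan manager"},
    {"host": "ci.corp.example", "vendor": "JetBrains", "product": "TeamCity"},
    {"host": "wiki.corp.example", "vendor": "Atlassian", "product": "Confluence"},
]


def load_kev(feed_text):
    """Parse a KEV feed document and return its list of vulnerability entries."""
    return json.loads(feed_text)["vulnerabilities"]


def _norm(text):
    # Case- and whitespace-insensitive comparison: inventory records are rarely
    # typed exactly the way CISA writes vendor and product names.
    return " ".join(text.lower().split())


def match_inventory(kev_entries, inventory):
    """Return (asset, entry) pairs where an asset's vendor and product match a KEV entry."""
    return [
        (asset, entry)
        for asset in inventory
        for entry in kev_entries
        if _norm(asset["vendor"]) == _norm(entry["vendorProject"])
        and _norm(asset["product"]) == _norm(entry["product"])
    ]


def patch_plan(kev_entries, inventory, today_iso):
    """Group matched hosts by CVE, order by KEV due date, and flag entries already past due.

    today_iso is an ISO date string such as "2026-04-30".
    """
    today = date.fromisoformat(today_iso)
    plan = {}
    for asset, entry in match_inventory(kev_entries, inventory):
        item = plan.setdefault(entry["cveID"], {
            "dueDate": entry["dueDate"],
            "ransomware": entry["knownRansomwareCampaignUse"],
            "hosts": [],
        })
        item["hosts"].append(asset["host"])
    for item in plan.values():
        item["overdue"] = date.fromisoformat(item["dueDate"]) < today
    # Earliest deadline first; ties broken by CVE ID so the output is stable.
    return sorted(plan.items(), key=lambda kv: (kv[1]["dueDate"], kv[0]))


if __name__ == "__main__":
    for cve, item in patch_plan(load_kev(KEV_FEED), INVENTORY, date.today().isoformat()):
        status = "OVERDUE" if item["overdue"] else "due"
        print(f"{cve}: {status} {item['dueDate']} on {', '.join(item['hosts'])}")
```

Matching on vendor and product name is only a first pass: the KEV feed does not carry affected-version ranges, so every hit still has to be confirmed against the vendor advisory before it is closed out, and a host that runs a fixed version is a false positive here, not a finding.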
Conclusion
The addition of these eight vulnerabilities to the KEV catalog is a reminder that attackers are working from the same list: the catalog is public, and unpatched KEV entries are a reliable target. Organizations that map the catalog against their inventory and patch by the listed due dates close the window that the exploitation evidence says is already open.
🔒 Pro insight: A KEV listing means exploitation is already happening, so the CVSS score matters less than the due date. The BOD 22-01 deadlines bind only FCEB agencies, but any organization running these products should treat April 23 and May 4, 2026 as an upper bound rather than a target.



