CISA Adds Eight New Vulnerabilities to KEV Catalog

CISA has added eight vulnerabilities to its KEV Catalog, highlighting serious risks for federal networks. Organizations need to act quickly to remediate these flaws to avoid exploitation.


Original Reporting

CISA Advisories · CISA

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯 Basically, CISA found eight security flaws that hackers are actively using and wants organizations to fix them quickly.

What Happened

On April 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. This catalog highlights vulnerabilities that are actively exploited in the wild, posing significant risks to federal networks and beyond.

The Vulnerabilities

The newly added vulnerabilities include:

  • CVE-2023-27351: PaperCut NG/MF Improper Authentication Vulnerability
  • CVE-2024-27199: JetBrains TeamCity Relative Path Traversal Vulnerability
  • CVE-2025-2749: Kentico Xperience Path Traversal Vulnerability
  • CVE-2025-32975: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
  • CVE-2025-48700: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
  • CVE-2026-20122: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
  • CVE-2026-20128: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
  • CVE-2026-20133: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

These vulnerabilities are common attack vectors for malicious cyber actors, making them critical for organizations to address.

Who's Affected

While the Binding Operational Directive (BOD) 22-01 applies specifically to Federal Civilian Executive Branch (FCEB) agencies, CISA strongly recommends that all organizations prioritize the remediation of these vulnerabilities. Ignoring these risks could lead to severe consequences, including data breaches and unauthorized access.

What You Should Do

By acting swiftly, organizations can significantly reduce their exposure to cyberattacks and protect sensitive data from exploitation. Organizations should take the following steps to mitigate risks associated with these vulnerabilities:

Containment

  1. Assess: Review your systems for the listed CVEs and determine if they are in use.
  2. Remediate: Apply patches or implement workarounds as soon as possible.

Remediation

  3. Monitor: Stay informed about updates to the KEV Catalog and other emerging threats.
  4. Educate: Make sure your team understands the importance of addressing these vulnerabilities promptly.
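
One way to carry out the Assess and Monitor steps, as an added example that is not part of the original article or CISA's tooling: it filters a KEV-format feed by date added and matches the result against scanner findings. The feed excerpt, the abbreviated product names, the hostnames, the findings and the function names are constructed for illustration; the field names `cveID`, `product` and `dateAdded` follow CISA's published KEV JSON feed.

```python
import json
from collections import defaultdict
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed. Only the CVE IDs, products
# and the 2026-04-20 date come from the article; the last entry is a placeholder.
KEV_FEED = json.loads("""{"vulnerabilities": [
  {"cveID": "CVE-2023-27351", "product": "PaperCut NG/MF", "dateAdded": "2026-04-20"},
  {"cveID": "CVE-2024-27199", "product": "JetBrains TeamCity", "dateAdded": "2026-04-20"},
  {"cveID": "CVE-2025-2749", "product": "Kentico Xperience", "dateAdded": "2026-04-20"},
  {"cveID": "CVE-2025-32975", "product": "Quest KACE SMA", "dateAdded": "2026-04-20"},
  {"cveID": "CVE-2025-48700", "product": "Synacor Zimbra ZCS", "dateAdded": "2026-04-20"},
  {"cveID": "CVE-2026-20122", "product": "Cisco Catalyst SD-WAN Manager", "dateAdded": "2026-04-20"},
  {"cveID": "CVE-2026-20128", "product": "Cisco Catalyst SD-WAN Manager", "dateAdded": "2026-04-20"},
  {"cveID": "CVE-2026-20133", "product": "Cisco Catalyst SD-WAN Manager", "dateAdded": "2026-04-20"},
  {"cveID": "CVE-0000-00000", "product": "Placeholder older entry", "dateAdded": "2025-01-01"}
]}""")

FINDINGS = [  # constructed scanner export; the first row has untidy CVE formatting
    {"host": "print01.example.internal", "cve": " cve-2023-27351"},
    {"host": "ci02.example.internal", "cve": "CVE-2024-27199"},
    {"host": "ci01.example.internal", "cve": "CVE-2024-27199"},
    {"host": "web03.example.internal", "cve": "CVE-0000-00000"},
]

def added_since(feed, since):
    """Monitor: KEV entries whose dateAdded is on or after `since` (YYYY-MM-DD)."""
    cutoff = date.fromisoformat(since)
    return [v for v in feed["vulnerabilities"]
            if date.fromisoformat(v["dateAdded"]) >= cutoff]

def affected_hosts(findings, kev_entries):
    """Assess: map each KEV CVE present in the findings to the hosts reporting it."""
    wanted = {v["cveID"].upper() for v in kev_entries}
    hits = defaultdict(set)
    for f in findings:
        cve = f["cve"].strip().upper()  # normalise scanner output before matching
        if cve in wanted:
            hits[cve].add(f["host"])
    return {cve: sorted(hosts) for cve, hosts in sorted(hits.items())}

def needs_manual_check(kev_entries, hits):
    """Products with no scanner hit: confirm by inventory, a scanner may lack a check."""
    return sorted({v["product"] for v in kev_entries if v["cveID"].upper() not in hits})

if __name__ == "__main__":
    new = added_since(KEV_FEED, "2026-04-20")
    hits = affected_hosts(FINDINGS, new)
    print(hits, needs_manual_check(new, hits), sep="\n")
```

A CVE with no scanner hit is not proof the product is absent, which is why the last function returns the products that still need an inventory check.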

🔒 Pro Insight

The addition of these vulnerabilities to the KEV Catalog underscores the urgency for organizations to implement robust vulnerability management practices.
