{"id":653,"date":"2026-04-21T07:13:53","date_gmt":"2026-04-21T07:13:53","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=653"},"modified":"2026-04-21T07:13:53","modified_gmt":"2026-04-21T07:13:53","slug":"cisa-adds-8-exploited-flaws-to-kev-sets-april-may-2026-federal-deadlines","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=653","title":{"rendered":"CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Apr 21, 2026<\/span><\/span><span class=\"p-tags\">Network Security \/ Threat Intelligence<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Monday <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/04\/20\/cisa-adds-eight-known-exploited-vulnerabilities-catalog\">added<\/a> eight new vulnerabilities to its Known Exploited Vulnerabilities (<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">KEV<\/a>) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation.<\/p>\n<p>The list of vulnerabilities is as follows &#8211;<\/p>\n<ul>\n<li><strong>CVE-2023-27351<\/strong> (CVSS score: 8.2) &#8211; An improper authentication vulnerability in PaperCut NG\/MF that could allow an attacker to bypass authentication on affected installations via the SecurityRequestFilter class.<\/li>\n<li><strong>CVE-2024-27199<\/strong> (CVSS score: 7.3) &#8211; A relative path traversal vulnerability in JetBrains TeamCity that could allow an attacker to perform limited admin actions.<\/li>\n<li><strong>CVE-2025-2749<\/strong> (CVSS score: 7.2) &#8211; A path traversal vulnerability in Kentico Xperience that could allow an authenticated user&#8217;s Staging Sync Server to upload arbitrary data to path relative locations.<\/li>\n<li><strong>CVE-2025-32975<\/strong> (CVSS score: 10.0) &#8211; An improper authentication vulnerability in Quest KACE Systems Management Appliance (SMA) that could allow an attacker to 
impersonate legitimate users without valid credentials.<\/li>\n<li><strong>CVE-2025-48700<\/strong> (CVSS score: 6.1) &#8211; A cross-site scripting vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow an attacker to execute arbitrary JavaScript within the user&#8217;s session, resulting in unauthorized access to sensitive information.<\/li>\n<li><strong>CVE-2026-20122<\/strong> (CVSS score: 5.4) &#8211; An incorrect use of privileged APIs vulnerability in Cisco Catalyst SD-WAN Manager that could allow an attacker to upload and overwrite arbitrary files on the affected system and gain vmanage user privileges.<\/li>\n<li><strong>CVE-2026-20128<\/strong> (CVSS score: 7.5) &#8211; A vulnerability in Cisco Catalyst SD-WAN Manager, caused by storing passwords in a recoverable format, that could allow an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.<\/li>\n<li><strong>CVE-2026-20133<\/strong> (CVSS score: 6.5) &#8211; An exposure of sensitive information to an unauthorized actor vulnerability in Cisco Catalyst SD-WAN Manager that could allow remote attackers to view sensitive information on affected systems.<\/li>\n<\/ul>\n<p>It&#8217;s worth noting that CISA added CVE-2024-27198, another flaw impacting on-premises versions of JetBrains TeamCity, to the KEV catalog in March 2024. 
It&#8217;s not known at this stage whether both vulnerabilities are being exploited together and whether the activity is the work of the same threat actor.<\/p>\n<p>The exploitation of CVE-2023-27351, on the other hand, was attributed to Lace Tempest in April 2023 in connection with attacks delivering Cl0p and LockBit ransomware families.<\/p>\n<p>As for CVE-2025-32975, Arctic Wolf said it observed unknown threat actors weaponizing the bug to target unpatched SMA systems as late last month, although the exact end goals of the campaign remain unknown.<\/p>\n<p>Cisco, for its part, also said it became aware of the exploitation of CVE-2026-20122 and CVE-2026-20128 in March 2026. The company has yet to <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-sdwan-authbp-qwCX8D4v#:~:text=Exploitation%20and%20Public%20Announcements\">revise its advisory<\/a> to reflect the in-the-wild abuse of CVE-2026-20133.<\/p>\n<p>In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies have been advised to address the three Cisco vulnerabilities by April 23, 2026, and the rest by May 4, 2026.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Ravie Lakshmanan, Apr 21, 2026. Network Security \/ Threat Intelligence. The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including&hellip;<\/p>\n","protected":false},"author":1,"featured_media":654,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[200,1309,62,1311,128,1310,11,203,1308],"class_list":["post-653","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-adds","tag-aprilmay","tag-cisa","tag-deadlines","tag-exploited","tag-federal","tag-flaws","tag-kev","tag-sets"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/653","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=653"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/653\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/654"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=653"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=653"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=653"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}