CISA Adds Eight Known Exploited Vulnerabilities to Catalog
Summary
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, indicating they are actively being exploited. These vulnerabilities include issues in software like PaperCut, JetBrains TeamCity, and Cisco Catalyst SD-WAN Manager, and pose significant risks to organizations.
IFF Assessment
The addition of actively exploited vulnerabilities to a public catalog signals an increased threat landscape and potential for widespread compromise.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: April 23, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should prioritize patching or mitigating the listed vulnerabilities, especially those in widely used software like PaperCut and Cisco products. The inclusion of these CVEs in CISA's KEV Catalog means they are currently a target for threat actors, making timely remediation critical to prevent breaches.