CISA Adds Two Known Exploited Vulnerabilities to Catalog
Summary
CISA has added two new vulnerabilities, CVE-2024-1708 (ConnectWise ScreenConnect Path Traversal) and CVE-2026-32202 (Microsoft Windows Protection Mechanism Failure), to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These vulnerabilities are considered significant risks, particularly for federal agencies, and prompt urgent remediation efforts.
IFF Assessment
The addition of actively exploited vulnerabilities to CISA's KEV catalog signifies a direct threat to organizations, as these flaws are already being leveraged by malicious actors.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: May 12, 2026. Known ransomware use: Unknown.
Defender Context
Organizations, especially federal agencies, must prioritize patching these newly identified vulnerabilities to mitigate active threats. The inclusion in the KEV catalog indicates these are not theoretical risks but are currently being exploited in the wild, necessitating rapid response to prevent compromise.