CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2026-32202

Microsoft Windows Protection Mechanism Failure Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2026-04-28

Due Date: 2026-05-12

Description:

Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-693

CVE-2025-29635

D-Link DIR-823X Command Injection Vulnerability

Vendor: D-Link

Product: DIR-823X

Added: 2026-04-24

Due Date: 2026-05-08

Description:

D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-77

CVE-2024-7399

Samsung MagicINFO 9 Server Path Traversal Vulnerability

Vendor: Samsung

Product: MagicINFO 9 Server

Added: 2026-04-24

Due Date: 2026-05-08

Description:

Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-22 CWE-434

CVE-2024-57728

Ransomware

SimpleHelp Path Traversal Vulnerability

Vendor: SimpleHelp

Product: SimpleHelp

Added: 2026-04-24

Due Date: 2026-05-08

Description:

SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-22

CVE-2024-57726

Ransomware

SimpleHelp Missing Authorization Vulnerability

Vendor: SimpleHelp

Product: SimpleHelp

Added: 2026-04-24

Due Date: 2026-05-08

Description:

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-862

CVE-2026-39987

Marimo Remote Code Execution Vulnerability

Vendor: Marimo

Product: Marimo

Added: 2026-04-23

Due Date: 2026-05-07

Description:

Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-306

CVE-2026-33825

Ransomware

Microsoft Defender Insufficient Granularity of Access Control Vulnerability

Vendor: Microsoft

Product: Defender

Added: 2026-04-22

Due Date: 2026-05-06

Description:

Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-1220

CVE-2026-20122

Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

Vendor: Cisco

Product: Catalyst SD-WAN Manger

Added: 2026-04-20

Due Date: 2026-04-23

Description:

Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

Required Action:

Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

CWEs:

CWE-648

CVE-2026-20133

Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Vendor: Cisco

Product: Catalyst SD-WAN Manager

Added: 2026-04-20

Due Date: 2026-04-23

Description:

Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems.

Required Action:

Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

CWEs:

CWE-200

CVE-2025-2749

Kentico Xperience Path Traversal Vulnerability

Vendor: Kentico

Product: Kentico Xperience

Added: 2026-04-20

Due Date: 2026-05-04

Description:

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-22 CWE-434

CVE-2023-27351

Ransomware

PaperCut NG/MF Improper Authentication Vulnerability

Vendor: PaperCut

Product: NG/MF

Added: 2026-04-20

Due Date: 2026-05-04

Description:

PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-287

CVE-2025-48700

Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

Vendor: Synacor

Product: Zimbra Collaboration Suite (ZCS)

Added: 2026-04-20

Due Date: 2026-04-23

Description:

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-79

CVE-2026-20128

Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability

Vendor: Cisco

Product: Catalyst SD-WAN Manager

Added: 2026-04-20

Due Date: 2026-04-23

Description:

Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.

Required Action:

Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

CWEs:

CWE-257

CVE-2025-32975

Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

Vendor: Quest

Product: KACE Systems Management Appliance (SMA)

Added: 2026-04-20

Due Date: 2026-05-04

Description:

Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-287

CVE-2024-27199

Ransomware

JetBrains TeamCity Relative Path Traversal Vulnerability

Vendor: JetBrains

Product: TeamCity

Added: 2026-04-20

Due Date: 2026-05-04

Description:

JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-23