CISA 2026-04-28

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Machine-generated analysis · WAYSCloud LLM

Two vulnerabilities involving remote access and system protection mechanisms have been added to the KEV Catalog due to observed exploitation.

Context

ConnectWise ScreenConnect is a remote access solution used for technical support and remote control. The advisory states that CVE-2024-1708 is a path traversal vulnerability that has been actively exploited. Microsoft Windows includes built-in security features to restrict unauthorized access to system resources. The advisory states that CVE-2026-32202 involves a protection mechanism failure in Windows that has also been exploited in the wild.

Operator considerations

Isolate: Restrict network access to ScreenConnect instances and limit exposure of Windows systems to untrusted networks.

From Cybersecurity and Infrastructure Security Agency ↗

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerability

CVE-2026-32202 Microsoft Windows Protection Mechanism Failure Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more...

Read the full advisory on CISA →