Particle.news

CISA Adds Eight Exploited Flaws to KEV With Rapid Federal Patch Deadlines

The move forces federal agencies onto an accelerated patch schedule to cut common entry points used in ransomware intrusions.

Overview

  • CISA expanded its Known Exploited Vulnerabilities catalog Monday with eight flaws across Cisco Catalyst SD‑WAN Manager, PaperCut NG/MF, JetBrains TeamCity, Kentico Xperience, Quest KACE SMA, and Synacor Zimbra.
  • Federal Civilian Executive Branch agencies must fix the Cisco Catalyst SD‑WAN Manager and Zimbra bugs by April 23, 2026, with the remaining issues due by May 4, 2026.
  • Under Binding Operational Directive 22‑01, a KEV listing makes remediation mandatory for federal agencies and signals urgent risk reduction steps for private organizations.
  • Cisco reported in March 2026 that attackers were exploiting CVE‑2026‑20122 and CVE‑2026‑20128 in SD‑WAN Manager. A third flaw now on KEV, CVE‑2026‑20133, exposes sensitive information, although Cisco’s advisory does not yet reflect in‑the‑wild abuse.
  • Other listed bugs have clear abuse histories, including PaperCut CVE‑2023‑27351 tied to Cl0p and LockBit ransomware and Quest KACE CVE‑2025‑32975 observed in attacks last month, underscoring how weaknesses in management and email systems can enable broad compromise.