CISA Adds Critical Vulnerabilities to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday, April 28, 2026. This decision is based on evidence of active exploitation of the vulnerabilities. The affected systems are ConnectWise ScreenConnect and Microsoft Windows.
The first vulnerability, CVE-2024-1708, is a path traversal vulnerability in ConnectWise ScreenConnect. This vulnerability has a CVSS score of 8.4, making it a critical threat to the affected systems. Path traversal allows attackers to access files and directories outside the intended access scope. The second vulnerability affects Microsoft Windows; the CISA announcement did not disclose specific details about it. However, its inclusion in the KEV catalog indicates that this vulnerability is also being actively exploited.
CISA recommends that organizations promptly check their systems for the latest security updates. In the past, CISA has taken similar actions to protect organizations from active threats. The inclusion in the KEV catalog indicates that the vulnerabilities are not merely theoretical but are already being exploited by attackers. Companies are urged to strengthen their security measures and implement the relevant patches in a timely manner. Vulnerabilities in software products pose a growing risk to businesses, especially at a time when cyberattacks are becoming increasingly sophisticated.
In recent years, CISA has emphasized the need to quickly address vulnerabilities to minimize potential damage. The current situation underscores the urgency of regularly installing security updates. CISA has also stressed that collaboration between businesses and security agencies is crucial to mitigate the impacts of cyberattacks. The agency has provided various resources to assist companies in identifying and addressing vulnerabilities, including guidelines and risk assessment tools.
The vulnerability CVE-2024-1708 affects a wide range of users utilizing ConnectWise ScreenConnect. This software is commonly used for remote access and support services, making it an attractive target for attackers. CISA has urged users to take immediate action to protect their systems. The response from the IT community to the CISA announcement has been mixed. Some experts warn of the potential consequences of inadequate responses to the vulnerabilities.
Others emphasize the importance of proactive security measures and regular employee training to minimize the risk of cyberattacks. CISA will continue to monitor the situation and provide further information as necessary. Companies should stay informed about the latest developments in cybersecurity and ensure they have the necessary resources to respond to threats. The agency plans to release more details about the affected vulnerabilities in the coming weeks. The vulnerability CVE-2024-1708 has already been classified as critical by several security researchers, highlighting the urgency of remediation. Companies using ConnectWise ScreenConnect should immediately review their systems and install the recommended security updates. CISA did not specify a timeline for the provision of patches in its announcement; however, affected companies are expected to act quickly to secure their systems.