CISA adds 8 KEV flaws

- Federal cybersecurity officials added eight actively exploited vulnerabilities to the Known Exploited Vulnerabilities (KEV) list this week.
- The update comes with federal deadlines to patch or mitigate by April–May 2026 for affected agencies.
- The change follows reporting that AI is speeding breach timelines and pressures agencies to rush fixes. (x.com, x.com)

The Cybersecurity and Infrastructure Security Agency added eight newly confirmed, actively exploited software flaws to its Known Exploited Vulnerabilities list on April 20. (cisa.gov) The additions span PaperCut NG/MF, JetBrains TeamCity, Kentico Xperience, Quest KACE Systems Management Appliance, Synacor Zimbra Collaboration Suite, and three Cisco Catalyst SD-WAN Manager bugs: CVE-2023-27351, CVE-2024-27199, CVE-2025-2749, CVE-2025-32975, CVE-2025-48700, CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133. (cisa.gov)

For federal civilian agencies, the list is not advisory. Under Binding Operational Directive 22-01, agencies must fix or mitigate listed bugs by CISA’s due dates, and the April 20 entries in the catalog show May 4, 2026 deadlines for the TeamCity, Quest KACE, and Cisco SD-WAN items. (cisa.gov, cisa.gov)

The catalog is CISA’s running list of vulnerabilities already used in real intrusions, not a forecast of what attackers might try next. CISA says it adds a flaw only when it has reliable evidence that threat actors are exploiting it against public or private organizations. (cisa.gov, cisa.gov)

Several of the products on this week’s list are widely used administrative tools. JetBrains said CVE-2024-27199 could let an unauthenticated attacker bypass authentication and gain administrative control of an on-premises TeamCity server, while PaperCut said CVE-2023-27351 could expose stored user information without a login. (jetbrains.com, papercut.com)

The Cisco entries land on top of a separate federal push already underway. On February 25, 2026, CISA issued Emergency Directive 26-03 for Cisco SD-WAN systems, saying a significant cyber threat was targeting federal networks using certain Cisco products and software. (cisa.gov, cisa.gov)

CISA’s KEV catalog had 1,577 entries when viewed on April 22, 2026, underscoring how large the backlog of known, in-the-wild attack paths has become. The agency tells organizations to use the list as a patching priority guide, even though the federal deadlines apply only to civilian executive-branch agencies. (cisa.gov, cisa.gov) The immediate next step is simple and narrow: check whether any of the eight products are in your environment, then apply vendor fixes or CISA’s mitigation guidance before the federal due dates arrive in early May. (cisa.gov, cisa.gov)
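That "check your environment, then work to the due date" step can be scripted. The following is an added example (mine, not the briefing's or CISA's) that matches a local asset inventory against catalog entries laid out in the public KEV JSON feed's field names and ranks hits by days remaining; the TeamCity entry uses the dates the briefing gives, the mapping of CVE-2026-20122 to Cisco Catalyst SD-WAN Manager is an assumption, and the inventory is constructed.

```python
"""Triage new KEV entries against a local asset inventory (added example)."""
from datetime import date

# Constructed catalog excerpt using the KEV feed's field names.
# TeamCity dates come from the briefing; the Cisco CVE-to-product mapping is assumed.
KEV_ENTRIES = [
    {"cveID": "CVE-2024-27199", "vendorProject": "JetBrains", "product": "TeamCity",
     "dateAdded": "2026-04-20", "dueDate": "2026-05-04",
     "requiredAction": "Apply vendor fix or CISA mitigation guidance."},
    {"cveID": "CVE-2026-20122", "vendorProject": "Cisco",
     "product": "Catalyst SD-WAN Manager",
     "dateAdded": "2026-04-20", "dueDate": "2026-05-04",
     "requiredAction": "Apply vendor fix or CISA mitigation guidance."},
]

# Constructed inventory; one asset deliberately matches nothing in the catalog.
INVENTORY = [
    {"host": "build01", "vendor": "jetbrains", "product": "TeamCity Server"},
    {"host": "sdwan-mgr", "vendor": "Cisco Systems", "product": "catalyst sd-wan manager"},
    {"host": "web01", "vendor": "F5", "product": "NGINX"},
]


def _norm(text):
    """Lower-case and collapse whitespace so feed and inventory spellings compare."""
    return " ".join(text.lower().split())


def product_matches(entry, asset):
    """Vendor and product must both match; containment either way tolerates
    suffixes such as 'Server' or 'Systems' that inventories often carry."""
    ev, ep = _norm(entry["vendorProject"]), _norm(entry["product"])
    av, ap = _norm(asset["vendor"]), _norm(asset["product"])
    return (ev in av or av in ev) and (ep in ap or ap in ep)


def triage(entries, inventory, today):
    """Return one row per catalog entry found in the inventory, most urgent first.
    Negative days_left means the due date has already passed."""
    rows = []
    for entry in entries:
        hosts = [a["host"] for a in inventory if product_matches(entry, a)]
        if not hosts:
            continue  # product not in the environment, nothing to do for this CVE
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        rows.append({"cve": entry["cveID"], "due": entry["dueDate"],
                     "days_left": days_left, "hosts": hosts,
                     "action": entry["requiredAction"]})
    return sorted(rows, key=lambda r: r["days_left"])


if __name__ == "__main__":
    for row in triage(KEV_ENTRIES, INVENTORY, date(2026, 4, 22)):
        print(f'{row["cve"]}: due {row["due"]} ({row["days_left"]}d) on {row["hosts"]}')
```

Name matching alone does not tell you whether an installed version is already fixed, so treat a hit as a prompt to check the vendor advisory, not as a confirmed exposure.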

Shared from Scout - Be the smartest in the room.