CISA adds 4 exploited flaws
- CISA on April 24 added four actively exploited bugs to its Known Exploited Vulnerabilities list: one in Samsung MagicINFO 9 Server, two in SimpleHelp, and one in the D-Link DIR-823X router.
- Federal civilian agencies must fix or mitigate all four by May 8, 2026. Samsung’s listed bug affects MagicINFO 9 Server versions before 21.1050 and allows arbitrary file writes.
- The move extends CISA’s push to prioritize bugs already used in real attacks, not just newly disclosed ones. (cisa.gov)
CISA added four newly listed, actively exploited software flaws to its Known Exploited Vulnerabilities catalog on April 24. (cisa.gov) The additions are CVE-2024-7399 in Samsung MagicINFO 9 Server, CVE-2024-57726 and CVE-2024-57728 in SimpleHelp, and CVE-2025-29635 in D-Link’s DIR-823X router. (cisa.gov) Under Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies now have until May 8, 2026, to remediate the four bugs or follow vendor mitigation guidance. (cisa.gov) (nvd.nist.gov)

The KEV list is CISA’s short list of vulnerabilities with evidence of real-world exploitation. Federal agencies are required to treat those entries as priority patching work, and CISA urges private organizations to do the same. (cisa.gov 1) (cisa.gov 2)

Samsung’s entry covers MagicINFO 9 Server versions before 21.1050. The National Vulnerability Database says the path traversal flaw can let attackers write arbitrary files with system-level authority. (nvd.nist.gov)

SimpleHelp’s vendor notice says versions 5.5.7 and earlier are vulnerable to CVE-2024-57726, CVE-2024-57727 and CVE-2024-57728, and it told customers to move to version 5.5.8 or later or to apply patches for older supported branches. (guides.simple-help.com) CISA tied the SimpleHelp product line to real intrusions last year. In a June 12, 2025 advisory, the agency said ransomware actors had been targeting unpatched SimpleHelp remote monitoring and management software since January 2025. (cisa.gov)

The D-Link case is different because the affected router is already out of support. D-Link’s April 23, 2026 update says all DIR-823X hardware revisions are end-of-life and recommends retiring and replacing the device. (supportannouncement.us.dlink.com) That means some defenders will not be choosing between patching now and patching later: for DIR-823X users, the vendor’s stated path is replacement, because firmware development and support have ceased. (supportannouncement.us.dlink.com)

CISA’s April 24 alert closes with the same message it has used across the KEV program: these are the flaws already being used by attackers. The deadline is short because the exploitation is not theoretical. (cisa.gov)
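A triage check that turns the brief's version thresholds, due date and end-of-life case into a prioritized action list, added here as an example that is neither CISA's, the vendors', nor the original article's code. It assumes only the field names of CISA's public KEV JSON feed (cveID, product, dueDate); the entries, hosts and versions below are constructed samples.

```python
from datetime import date

# Constructed sample entries in the field layout of CISA's public KEV JSON feed.
# Version thresholds come from the brief, not from the feed itself.
KEV_SAMPLE = [
    {"cveID": "CVE-2024-7399", "product": "MagicINFO 9 Server", "dueDate": "2026-05-08"},
    {"cveID": "CVE-2024-57726", "product": "SimpleHelp", "dueDate": "2026-05-08"},
    {"cveID": "CVE-2024-57728", "product": "SimpleHelp", "dueDate": "2026-05-08"},
    {"cveID": "CVE-2025-29635", "product": "DIR-823X", "dueDate": "2026-05-08"},
]
# Lowest version no longer affected; None means no fix exists (end-of-life device).
# SimpleHelp also ships patches for older supported branches, so a pure version
# check can over-report a patched older branch; treat "patch" as "verify, then patch".
FIXED_IN = {"MagicINFO 9 Server": "21.1050", "SimpleHelp": "5.5.8", "DIR-823X": None}

# Constructed asset inventory (hypothetical hosts and versions).
INVENTORY = [
    {"host": "signage-01", "product": "MagicINFO 9 Server", "version": "21.1040"},
    {"host": "signage-02", "product": "MagicINFO 9 Server", "version": "21.1050"},
    {"host": "rmm-01", "product": "SimpleHelp", "version": "5.5.7"},
    {"host": "branch-gw", "product": "DIR-823X", "version": "1.2.0"},
]

def parse_version(v):
    """Turn '5.5.7' into (5, 5, 7) so comparison is numeric, not lexical."""
    return tuple(int(p) for p in v.split("."))

def triage(kev, inventory, fixed_in, today):
    """Return one action per (asset, KEV entry) match, soonest BOD deadline first."""
    today_d = date.fromisoformat(today)
    actions = []
    for entry in kev:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if asset["product"] != entry["product"]:
                continue
            fix = fixed_in.get(entry["product"])
            if fix is None:
                status = "replace"   # vendor offers no firmware; retire the device
            elif parse_version(asset["version"]) < parse_version(fix):
                status = "patch"     # running a build below the first fixed one
            else:
                status = "ok"        # already at or above the fixed version
            if status != "ok":
                actions.append({"host": asset["host"], "cve": entry["cveID"],
                                "action": status, "days_left": (due - today_d).days})
    return sorted(actions, key=lambda a: a["days_left"])
```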