HomeIntelligenceBrief
🛡️ VULNERABILITY BRIEF🟠 High📋 Advisory

CISA Adds Eight Actively Exploited Vulnerabilities to KEV Catalog – Immediate Remediation Required

CISA has placed eight CVEs into its Known Exploited Vulnerabilities catalog after observing active attacks. The vulnerabilities affect a diverse set of software products, creating supply‑chain risk for any organization that relies on these vendors. TPRM teams should accelerate patching and verify third‑party remediation.

🛡️ LiveThreat™ Intelligence · 📅 April 21, 2026· 📰 cisa.gov
🟠
Severity
High
📋
Type
Advisory
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
4 recommended
📰
Source
cisa.gov

CISA Adds Eight Actively Exploited Vulnerabilities to KEV Catalog – Immediate Remediation Required

What It Is – The Cybersecurity and Infrastructure Security Agency (CISA) announced that eight CVEs have been added to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation in the wild. The list spans a range of products from document‑printing solutions to SD‑WAN management platforms.

Exploitability – All eight vulnerabilities are confirmed to be exploited by threat actors; public proof‑of‑concepts and malicious activity have been observed. CVSS scores range from 7.5 to 9.8, indicating high to critical severity.

Affected Products

  • PaperCut NG/MF (Improper Authentication) – CVE‑2023‑27351
  • JetBrains TeamCity (Relative Path Traversal) – CVE‑2024‑27199
  • Kentico Xperience (Path Traversal) – CVE‑2025‑2749
  • Quest KACE Systems Management Appliance (Improper Authentication) – CVE‑2025‑32975
  • Synacor Zimbra Collaboration Suite (XSS) – CVE‑2025‑48700
  • Cisco Catalyst SD‑WAN Manager (Privileged API misuse, password storage, info exposure) – CVE‑2026‑20122, CVE‑2026‑20128, CVE‑2026‑20133

TPRM Impact – These flaws are common entry points for supply‑chain attacks, credential theft, and lateral movement. Third‑party vendors that embed any of the listed components in their services inherit the risk, potentially exposing downstream customers to data breach or service disruption.

Recommended Actions

  • Prioritize patching or mitigation for the eight KEV‑listed CVEs across all third‑party contracts.
  • Verify that vendors have applied the latest security updates or provided compensating controls.
  • Update vulnerability‑management policies to include CISA’s KEV catalog as a mandatory remediation source.
  • Conduct a rapid risk assessment of any internal systems that integrate the affected products.
  • Document remediation timelines to satisfy BOD 22‑01 compliance for federal customers and align with best‑practice TPRM standards.

Source: CISA Advisory – Eight Known Exploited Vulnerabilities Added to KEV Catalog (2026‑04‑20)

📰 Original Source
https://www.cisa.gov/news-events/alerts/2026/04/20/cisa-adds-eight-known-exploited-vulnerabilities-catalog

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

🛡️

Monitor Your Vendor Risk with LiveThreat™

Get automated breach alerts, security scorecards, and intelligence briefs when your vendors are compromised.

Start Free Trial → Learn About Scorecards
← All Intelligence Briefs Breach Watch Feed →