---
title: "CISA Adds 8 Actively Exploited Vulnerabilities to KEV Catalog"
short_title: "CISA warns of 8 exploited vulnerabilities"
description: "CISA updates its KEV Catalog with 8 new actively exploited vulnerabilities, urging immediate patching to protect federal and private sector networks from cyberattacks."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, kev catalog, cybersecurity, vulnerabilities, cve]
score: 0.92
cve_ids: [CVE-2023-27351, CVE-2024-27199, CVE-2025-2749, CVE-2025-32975, CVE-2025-48700, CVE-2026-20122, CVE-2026-20128, CVE-2026-20133]
---
## TL;DR
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation in the wild. These flaws pose significant risks to federal agencies and private organizations, requiring immediate remediation. Failure to patch could expose systems to cyberattacks, data breaches, and unauthorized access.
Main Content
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its warnings by adding eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities, actively exploited by malicious cyber actors, target widely used software and infrastructure, posing severe risks to both federal agencies and private sector organizations.
### Key Points
- CISA’s KEV Catalog now includes eight new vulnerabilities based on evidence of active exploitation.
- Federal agencies are required to patch these vulnerabilities by specified deadlines under Binding Operational Directive (BOD) 22-01.
- Private organizations are strongly urged to prioritize remediation to reduce exposure to cyberattacks.
- The vulnerabilities affect PaperCut, JetBrains TeamCity, Kentico Xperience, Quest KACE, Synacor Zimbra, and Cisco Catalyst SD-WAN Manager.
Technical Details
The newly added vulnerabilities span a range of software and systems, each with unique exploitation risks:
| CVE ID | Affected Software | Vulnerability Type | Impact |
|-----------------------|-------------------------------------|------------------------------------------------|----------------------------------------------------------------------------|
| CVE-2023-27351 | PaperCut NG/MF | Improper Authentication | Unauthorized access, potential data breaches |
| CVE-2024-27199 | JetBrains TeamCity | Relative Path Traversal | Unauthorized file access, remote code execution |
| CVE-2025-2749 | Kentico Xperience | Path Traversal | Unauthorized access to sensitive files |
| CVE-2025-32975 | Quest KACE Systems Management Appliance | Improper Authentication | Unauthorized system access, privilege escalation |
| CVE-2025-48700 | Synacor Zimbra Collaboration Suite | Cross-Site Scripting (XSS) | Session hijacking, phishing attacks |
| CVE-2026-20122 | Cisco Catalyst SD-WAN Manager | Incorrect Use of Privileged APIs | Unauthorized API access, potential system compromise |
| CVE-2026-20128 | Cisco Catalyst SD-WAN Manager | Storing Passwords in a Recoverable Format | Credential theft, unauthorized access |
| CVE-2026-20133 | Cisco Catalyst SD-WAN Manager | Exposure of Sensitive Information | Data leaks, unauthorized system access |
### Impact Assessment
These vulnerabilities are frequent attack vectors for cybercriminals and nation-state actors. Exploitation can lead to:
- Unauthorized access to sensitive data and systems.
- Remote code execution (RCE), allowing attackers to take control of affected systems.
- Data breaches, compromising personal, financial, or proprietary information.
- Disruption of critical services, particularly in federal agencies and enterprises.
Federal agencies under the Federal Civilian Executive Branch (FCEB) are mandated to remediate these vulnerabilities by the deadlines specified in BOD 22-01. However, CISA emphasizes that all organizations, regardless of sector, should prioritize patching to mitigate risks.
### Mitigation Steps
To protect against these vulnerabilities, organizations should:
1. Immediately apply patches or updates provided by the vendors.
2. Review CISA’s KEV Catalog for the latest guidance and deadlines.
3. Monitor systems for signs of exploitation, such as unusual network traffic or unauthorized access attempts.
4. Implement multi-factor authentication (MFA) to add an extra layer of security.
5. Conduct regular vulnerability scans to identify and remediate potential weaknesses.
## Conclusion
CISA’s addition of these eight vulnerabilities to the KEV Catalog underscores the urgent need for organizations to prioritize cybersecurity. With active exploitation confirmed, delaying remediation could expose systems to severe cyber threats. Federal agencies must comply with BOD 22-01, while private organizations should treat these vulnerabilities as critical priorities in their vulnerability management strategies.
For more details, refer to CISA’s official advisory.
## References
[^1]: CISA. "CISA Adds Eight Known Exploited Vulnerabilities to Catalog". Retrieved 2024-10-02.
[^2]: CISA. "Known Exploited Vulnerabilities Catalog". Retrieved 2024-10-02.
[^3]: CISA. "Binding Operational Directive (BOD) 22-01". Retrieved 2024-10-02.