CISA Adds Two Known Exploited Vulnerabilities to Catalog
Release Date: April 28, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog with two critical security flaws for which there is evidence of active exploitation in real-world environments.
The newly cataloged vulnerabilities include:
- CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerability
- CVE-2026-32202 Microsoft Windows Protection Mechanism Failure Vulnerability
Security professionals recognize these vulnerability types as preferred attack vectors utilized by threat actors, presenting substantial risks to federal information systems and infrastructure.
Understanding the KEV Catalog Framework
The KEV Catalog operates under the authority of Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. This directive establishes the catalog as a comprehensive, continuously updated repository of Common Vulnerabilities and Exposures (CVEs) that present elevated threats to federal operations.
BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies implement remediation measures for cataloged vulnerabilities within specified timeframes. This requirement ensures proactive defense against documented threats targeting federal networks and systems.
Industry-Wide Security Recommendations
While BOD 22-01 specifically governs FCEB agencies, CISA emphasizes that all organizations should integrate KEV Catalog vulnerabilities into their vulnerability management frameworks. Organizations can significantly reduce their attack surface by prioritizing remediation of these documented threats.
CISA maintains its commitment to updating the catalog with additional vulnerabilities that satisfy the agency's established inclusion criteria, ensuring the cybersecurity community has access to current threat intelligence for defensive planning.