Vulnerability Management , Patch/Configuration Management CISA adds ConnectWise, Microsoft flaws to KEV catalog April 30, 2026 Share By Laura French The Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities — one in ConnectWise ScreenConnect and one in Microsoft Windows — to the Known Exploited Vulnerabilities catalog on Tuesday. The ScreenConnect vulnerability, tracked as CVE-2024-1708 , is a path traversal flaw with a CVSS score of 8.4. The Windows vulnerability, a protection mechanism failure in Windows Shell, is tracked as CVE-2026-32202 and has a CVSS score of 4.3. CVE-2024-1708 was first disclosed in February 2024 and could allow a malicious ScreenConnect extension to write files outside of its own subdirectory to achieve remote code execution (RCE). While achieving RCE with this vulnerability would require administrator access to use the Extensions functionality, according to Huntress , it could be chained with the critical authentication bypass vulnerability tracked as CVE-2024-1709 to gain such access. The researchers noted that CVE-2024-1709, which was given a CVSS score of 10.0, could be exploited on its own to achieve RCE, with the flaw being added to the KEV catalog on Feb. 22, 2024. With the addition of CVE-2024-1708 to the catalog, federal civilian executive branch (FCEB) agencies are required to patch the flaw by May 12, 2026. The vulnerability was patched in ScreenConnect version 23.9.8. The Windows flaw is also tied to a previously exploited vulnerability. CVE-2026-32202, disclosed and patched on April 14, 2026 , was noted by Akamai researchers to involve an incomplete patch of CVE-2026-21510, a zero-day exploited by the Russian threat group APT28, also known as Fancy Bear. CVE-2026-21510, which was added to the KEV catalog on Feb. 10, 2026, allowed a malicious LNK file to be executed without triggering a Microsoft Defender SmartScreen warning prompt. Akamai found that while the patch fixes the SmartScreen bypass, it fails to prevent Windows from initiating a server message block (SMB) connection to the attacker’s server when rendering the contents of the folder containing the malicious LNK file. This leads to a zero-click vulnerability where the automatic SMB connection triggers an NTLM authentication handshake with the attacker’s server, providing a Net-NTLMv2 hash that could be leveraged for NTLM relay attacks, the researchers wrote. Microsoft updated its advisory on April 27, noting exploitation of the vulnerability had been detected. FCEB agencies are required to remediate CVE-2026-32202 by May 12, 2026. Laura French Related Vulnerability Management GitHub vulnerability CVE-2026-3854 allows code execution with a single git push SC Staff April 29, 2026 The vulnerability, CVE-2026-3854, arises from improper handling of special elements within GitHub Enterprise Server. IoT Vulnerabilities found in Zero Motorcycles and Yadea scooters SC Staff April 29, 2026 US-based Zero Motorcycles is affected by a medium severity vulnerability (CVE-2026-1354) in firmware version 44 and earlier. AI/ML Wiz launches Red Agent for AI vulnerability simulation SC Staff April 29, 2026 The expansion adds support for Databricks and studio environments, including AWS Agentcore, Gemini Enterprise Agent Platform, and Salesforce Agentforce, addressing the risk created when autonomous agents gain access to live data. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Bug Buffer Overflow Disassembly You can skip this ad in 5 seconds