The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws affecting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
The vulnerabilities are listed below.
CVE-2024-1708 (CVSS Score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect could allow an attacker to execute remote code or directly impact sensitive data or critical systems. (Fixed in February 2024) CVE-2026-32202 (CVSS Score: 4.3) – A protection mechanism failure vulnerability in the Microsoft Windows Shell could allow an unauthorized attacker to perform spoofing on the network. (revised April 2026)
The addition of CVE-2026-32202 to the KEV catalog comes a day after Microsoft updated its advisory for this flaw and acknowledged that the flaw was being actively exploited.
Microsoft did not disclose the nature of the attack that exploited the flaw, but Akamai said the vulnerability was due to an incomplete patch for CVE-2026-21510, which the Russian hacker group APT28 has exploited as a zero-day alongside CVE-2026-21513 in attacks targeting Ukraine and EU countries since December 2025.
Meanwhile, attacks exploiting CVE-2024-1708 have been chained together with CVE-2024-1709 (CVSS score: 10.0), a critical authentication bypass vulnerability, by multiple attackers over the years. Earlier this month, Microsoft linked exploitation of this flaw to a China-based attacker it tracks as Storm-1175 in an attack deploying Medusa ransomware.
It is worth noting that CISA added CVE-2024-1709 to the KEV catalog on February 22, 2024. Federal Civilian Executive Branch (FCEB) agencies have until May 12, 2026 to apply the necessary fixes to secure their networks.
Source link
