The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, incorporating eight additional flaws. Among these, three have not been previously identified as exploited, drawing attention from cybersecurity experts.
Cisco Catalyst SD-WAN Vulnerability
One of the prominent vulnerabilities is identified as CVE-2026-20133, a high-severity flaw in Cisco Catalyst SD-WAN Manager. Initially addressed in February, this bug could potentially allow unauthorized access to the system’s API, exposing sensitive information.
This particular flaw, along with CVE-2026-20122 and CVE-2026-20128, both related to SD-WAN vulnerabilities, was acknowledged by Cisco in March. CISA has now officially added these to the KEV list, emphasizing the need for immediate attention from organizations utilizing these systems.
Exploited Flaws in Kentico and Zimbra
CISA has also warned about two significant defects identified last year in Kentico Xperience and Zimbra Collaboration Suite. These vulnerabilities could lead to remote code execution, posing severe threats to affected systems.
The Kentico issue, categorized as CVE-2025-2749, involves path traversal and arbitrary file upload vulnerabilities, which could facilitate unauthorized content execution on servers. Despite requiring authentication, the potential for exploitation remains high, especially when combined with other known issues.
The Zimbra vulnerability, labeled CVE-2025-48700, is a cross-site scripting (XSS) flaw within the Zimbra Classic UI. This can be exploited by crafting specific messages that trigger JavaScript execution within a user’s session, potentially compromising data integrity.
Additional Vulnerabilities in Focus
In addition to the aforementioned issues, CISA has added three more vulnerabilities to its KEV catalog. These include CVE-2025-32975 in Quest KACE, noted for potential exploitation, CVE-2024-27199 in JetBrains TeamCity, exploited over a prolonged period, and CVE-2023-27351 in PaperCut, which has been a concern since early 2023.
CISA is urging federal agencies to prioritize patching the Cisco and Zimbra vulnerabilities by April 23, with the other vulnerabilities requiring attention by May 4. This proactive approach is crucial to safeguarding sensitive information and maintaining cybersecurity resilience.
Related articles explore similar vulnerabilities, including flaws in discontinued TP-Link routers and recent Apache ActiveMQ exploits, highlighting the evolving landscape of cybersecurity threats.
