The Cybersecurity and Infrastructure Security Agency added two major software flaws to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday, acknowledging the evidence that hackers have been using the bugs in recent attacks.
CISA added CVE-2024-1708, a high-severity flaw in ConnectWise’s ScreenConnect remote-access tool, and CVE-2026-32202, a medium-severity flaw in the Windows Shell user interface, to its KEV catalog. Federal agencies have until May 12 to patch the two bugs.
The ScreenConnect path-traversal vulnerability could allow a hacker to remotely execute code or tamper with sensitive data, while the Windows vulnerability, the result of a defective security mechanism, could allow attackers to impersonate legitimate users.
CISA’s addition of the Windows vulnerability came one day after Microsoft confirmed that hackers were exploiting the flaw.
CVE-2026-32202 is the result of an incomplete patch for a prior Windows Shell vulnerability, CVE-2026-21510, which the Russia-linked hacking group APT28 used in a cyberattack campaign against Ukraine and other European countries in December, Akamai said last week.
The ConnectWise vulnerability, CVE-2024-1708, has featured in multiple cyberattacks over the past few years, including a North Korea–linked campaign and ransomware attacks by China-linked cybercriminals. Hackers have been pairing CVE-2024-1708 with another high-severity ConnectWise flaw, CVE-2024-1709, to bypass the remote-access software’s authentication mechanisms.
