CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

2026-04-21

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities catalog, with three affecting Cisco Catalyst SD-WAN Manager, setting federal agency remediation deadlines.

•CVE-2025-32975 in Quest KACE Systems Management Appliance has a critical CVSS score of 10.0 allowing attackers to impersonate legitimate users without credentials
•Three Cisco Catalyst SD-WAN Manager flaws enable file upload/overwriting, password recovery, and sensitive information disclosure
•Active exploitation has been observed including usage by threat actors for ransomware delivery and targeting unpatched systems
•Federal agencies must remediate the three Cisco vulnerabilities by April 23, 2026, and address the remaining five vulnerabilities by May 4, 2026
•

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

Take Control: Customer-Managed Keys for Lakebase Postgres

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain