CISA adds eight exploited flaws to KEV catalog, including Cisco SD-WAN bugs

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added eight vulnerabilities to its Known Exploited Vulnerabilities catalog, including three flaws in Cisco Catalyst SD-WAN Manager, after evidence of active exploitation. The new entries include issues in PaperCut NG/MF, JetBrains TeamCity, Kentico Xperience, Quest KACE Systems Management Appliance and Synacor Zimbra Collaboration Suite, along with the Cisco bugs.

KEY FACTS

  • Total added: CISA added eight flaws to the KEV catalog.
  • Cisco impact: Three of the entries affect Catalyst SD-WAN Manager.
  • Highest severity: One of the flaws, CVE-2025-32975, carries a CVSS score of 10.0.
  • Deadline: FCEB agencies were told to address the Cisco issues by April 23, 2026, and the rest by May 4, 2026.

The agency alert lists flaws that range from improper authentication and path traversal to cross-site scripting, sensitive data exposure and incorrect use of privileged APIs. The Cisco entries are CVE-2026-20122, CVE-2026-20128 and CVE-2026-20133.

CVE-2023-27351 affects PaperCut NG/MF and was previously linked to attacks delivering Cl0p and LockBit ransomware. The report also says CVE-2024-27198, another TeamCity flaw, was already added to the catalog in March 2024, and it is not known whether the two TeamCity bugs are being used together.

CVE-2025-32975 affects Quest KACE SMA and has been observed in active attacks against unpatched systems. CVE-2025-48700 affects Zimbra, while CERT-UA said a separate Zimbra flaw has been used in attacks against Ukrainian entities since September 2025 to collect mailbox contents and credentials.

Cisco said it became aware in March 2026 of exploitation of two of the SD-WAN flaws. The disclosure says the company has not yet updated its advisory to reflect the active abuse of CVE-2026-20133.

WHY IT MATTERS

Placement in the KEV catalog signals that the flaws are being used in the wild and should be prioritized by defenders. The additions affect widely used enterprise software and could expose organizations to account takeover, data theft and system compromise if patches are delayed.