CISA adds ConnectWise, Microsoft flaws to KEV catalog

The Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities — one in ConnectWise ScreenConnect and one in Microsoft Windows — to the Known Exploited Vulnerabilities catalog on Tuesday.

The ScreenConnect vulnerability, tracked as CVE-2024-1708, is a path traversal flaw with a CVSS score of 8.4. The Windows vulnerability, a protection mechanism failure in Windows Shell, is tracked as CVE-2026-32202 and has a CVSS score of 4.3.

CVE-2024-1708 was first disclosed in February 2024 and could allow a malicious ScreenConnect extension to write files outside of its own subdirectory to achieve remote code execution (RCE).

According to Huntress, achieving RCE with this vulnerability would require administrator access to use the Extensions functionality, but it could be chained with the critical authentication bypass vulnerability tracked as CVE-2024-1709 to gain such access.

The researchers noted that CVE-2024-1709, which was given a CVSS score of 10.0, could be exploited on its own to achieve RCE. That flaw was added to the KEV catalog on Feb. 22, 2024.

With the addition of CVE-2024-1708 to the catalog, federal civilian executive branch (FCEB) agencies are required to patch the flaw by May 12, 2026. The vulnerability was patched in ScreenConnect version 23.9.8.

The Windows flaw is also tied to a previously exploited vulnerability. CVE-2026-32202, disclosed and patched on April 14, 2026, was noted by Akamai researchers to involve an incomplete patch of CVE-2026-21510, a zero-day exploited by the Russian threat group APT28, also known as Fancy Bear.

CVE-2026-21510, which was added to the KEV catalog on Feb. 10, 2026, allowed a malicious LNK file to be executed without triggering a Microsoft Defender SmartScreen warning prompt. Akamai found that while the patch fixes the SmartScreen bypass, it fails to prevent Windows from initiating a Server Message Block (SMB) connection to the attacker’s server when rendering the contents of the folder containing the malicious LNK file.

This leads to a zero-click vulnerability where the automatic SMB connection triggers an NTLM authentication handshake with the attacker’s server, providing a Net-NTLMv2 hash that could be leveraged for NTLM relay attacks, the researchers wrote.

Microsoft updated its advisory on April 27, noting exploitation of the vulnerability had been detected. FCEB agencies are required to remediate CVE-2026-32202 by May 12, 2026.
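
A defender-side illustration of the SMB behavior described above, added here and not taken from the article, Akamai or Microsoft: it flags SMB connections whose destination lies outside the internal network, since that connection is what carries the NTLM handshake. The CSV log layout, host names, addresses and internal ranges are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not real telemetry) in an assumed CSV layout:
# timestamp, host, process image, destination IP, destination port.
SAMPLE_EVENTS = """\
2026-04-28T09:14:02Z,WS-0142,C:\\Windows\\explorer.exe,10.20.4.15,445
2026-04-28T09:14:07Z,WS-0142,C:\\Windows\\explorer.exe,203.0.113.77,445
2026-04-28T09:15:31Z,WS-0207,C:\\Windows\\System32\\svchost.exe,192.168.8.3,445
2026-04-28T09:16:45Z,WS-0207,C:\\Program Files\\App\\sync.exe,198.51.100.9,443
2026-04-28T09:18:10Z,WS-0311,System,198.51.100.23,139
not,a,valid,row
"""

SMB_PORTS = {139, 445}  # SMB over NetBIOS session service and direct SMB

# Assumed internal ranges; replace with the organization's own address plan.
# An explicit list is used because ipaddress.is_private also covers
# documentation and other special-purpose ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128",
)]


def external_smb_connections(log_text, internal_nets=INTERNAL_NETS):
    """Map host -> list of (timestamp, image, dest_ip, port) for SMB
    connections whose destination lies outside every internal network."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue  # malformed row
        ts, host, image, dest, port = parts
        try:
            ip, port = ipaddress.ip_address(dest), int(port)
        except ValueError:
            continue  # unparsable address or port
        if port in SMB_PORTS and not any(ip in net for net in internal_nets):
            hits[host].append((ts, image, dest, port))
    return dict(hits)


if __name__ == "__main__":
    for host, conns in external_smb_connections(SAMPLE_EVENTS).items():
        for ts, image, dest, port in conns:
            print(f"{ts} {host}: {image} -> {dest}:{port} (external SMB)")
```

Outbound SMB to the internet is rarely legitimate, so any hit merits review, and the same ports are candidates for egress blocking at the perimeter.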
