The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added eight newly identified flaws to its Known Exploited Vulnerabilities (KEV) catalog, all with documented active exploitation in the wild. The additions underscore mounting pressure on federal agencies and private sector organizations to prioritize patching efforts across their infrastructure.
Among the catalogued vulnerabilities are three critical flaws affecting Cisco Catalyst SD-WAN Manager, a widely deployed networking solution used by enterprises for software-defined wide-area network management. The inclusion of these Cisco flaws signals heightened concern about threats targeting network infrastructure components relied upon by government and commercial entities alike.
One particularly notable vulnerability involves an improper authentication flaw in PaperCut, a popular print management platform deployed across educational institutions, corporations, and government offices. This vulnerability carries a CVSS severity score of 8.2, reflecting its potential for significant impact if successfully exploited.
CISA's KEV catalog serves as a critical resource for cybersecurity professionals and IT administrators, providing a centralized list of vulnerabilities confirmed to be exploited in active attacks. The agency regularly updates this inventory based on evidence gathered from threat intelligence operations and coordinated disclosures from security researchers and affected vendors.
Federal agencies and government contractors face specific remediation timelines for vulnerabilities appearing in the KEV catalog. The latest additions establish binding deadlines spanning April through May 2026, requiring organizations to complete patching efforts within the specified windows or face potential compliance violations.
These additions arrive amid a broader cybersecurity landscape characterized by accelerating attack cycles and sophisticated threat actors leveraging known flaws to compromise critical systems. Organizations managing vulnerable software should prioritize assessment of their exposure and develop expedited patching strategies to address these exploited vulnerabilities before federal deadlines take effect.