{"id":235469,"date":"2026-04-25T01:08:00","date_gmt":"2026-04-25T05:08:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/25\/cisa-adds-4-exploited-flaws-to-kev-sets-may-2026-federal-deadline\/"},"modified":"2026-04-25T07:55:07","modified_gmt":"2026-04-25T11:55:07","slug":"cisa-adds-4-exploited-flaws-to-kev-sets-may-2026-federal-deadline","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/25\/cisa-adds-4-exploited-flaws-to-kev-sets-may-2026-federal-deadline\/","title":{"rendered":"CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/cisa-adds-4-exploited-flaws-to-kev-sets.html\">CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/cisa-adds-4-exploited-flaws-to-kev-sets.html\">https:\/\/thehackernews.com\/2026\/04\/cisa-adds-4-exploited-flaws-to-kev-sets.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-25 01:08:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Apr 25, 2026<\/span><\/span><span class=\"p-tags\">Network Security \/ Infrastructure Security<\/span><\/p>\n<p>The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.<\/p>\n<p>The list of vulnerabilities is below &#8211;<\/p>\n<ul>\n<li><strong>CVE-2024-57726<\/strong> (CVSS score: 9.9) &#8211; A missing authorization vulnerability in SimpleHelp that could allow low-privileged technicians to create API keys with excessive permissions, which can then be used to escalate privileges to the server admin role.<\/li>\n<li><strong>CVE-2024-57728<\/strong> (CVSS score: 7.2) &#8211; A path traversal vulnerability in SimpleHelp that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e., zip slip), which can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.<\/li>\n<li><strong>CVE-2024-7399<\/strong> (CVSS score: 8.8) &#8211; A path traversal vulnerability in Samsung MagicINFO 9 Server that could allow an attacker to write arbitrary files as system authority.<\/li>\n<li><strong>CVE-2025-29635<\/strong> (CVSS score: 7.5) &#8211; A command injection vulnerability in end-of-life D-Link DIR-823X series routers that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to \/goform\/set_prohibiting via the corresponding function.<\/li>\n<\/ul>\n<p>While both SimpleHelp flaws have been marked as &#8220;Unknown&#8221; against the &#8220;Known To Be Used in Ransomware Campaigns?&#8221; indicator, reports from Field Effect and Sophos revealed early last year that the issues were exploited as a precursor to ransomware attacks. One such campaign was attributed to the DragonForce ransomware operation.<\/p>\n<p>The exploitation of CVE-2024-7399 has been linked to malicious activity deploying the Mirai botnet in the past. 
As for CVE-2025-29635, Akamai disclosed earlier this week that it recorded attempts against D-Link devices to deliver a Mirai&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/cisa-adds-4-exploited-flaws-to-kev-sets.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline https:\/\/thehackernews.com\/2026\/04\/cisa-adds-4-exploited-flaws-to-kev-sets.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":235470,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgBMgO4j_Nf0B9HdU4WtN1axBdJFNJgV6Xvb8pCk0kooK6_-gNIxfURSqLIJuuzaufzvoXVTkFFg9WfMkyHvu4h_DBQK4QMJ21JYdwWtLem-CSOgTEYFhXazp4aSPJJglbiZel1V5aatqMKFCXk3scw-3UmMzQPrmTn-CbgBBjpLu_i4TBfNyS2kgZSkreW\/s1600\/cisa-kev.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,29,27],"class_list":["post-235469","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-network-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/235469"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=235469"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/235469\/revisions"}],"predecessor-version":[{"id":235471,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/235469\/revisions\/235471"}],"wp:featuredmedia":[{"embedda
ble":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/235470"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=235469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=235469"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=235469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}