CISA updates KEV catalog with active exploits targeting Windows Shell and ConnectWise ScreenConnect

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog with two newly identified security flaws, one in Microsoft Windows Shell and one in ConnectWise ScreenConnect. The KEV catalog lists only vulnerabilities for which CISA has evidence of active exploitation in the wild, so an entry there is a signal that the flaw is already being used against real targets, regardless of its CVSS score.

Newly added vulnerabilities

The latest update includes the following issues:

  • CVE‑2024‑1708 (CVSS 8.4) — ConnectWise ScreenConnect Path Traversal Vulnerability
  • CVE‑2026‑32202 (CVSS 4.3) — Microsoft Windows Protection Mechanism Failure (Windows Shell Spoofing)

ConnectWise ScreenConnect path traversal flaw

The first vulnerability, CVE‑2024‑1708, affects ConnectWise ScreenConnect versions 23.9.7 and earlier (the fix shipped in 23.9.8). The flaw stems from insufficient validation of client‑supplied file paths: the server does not confirm that a requested path, once normalized, still resolves inside the directory it was meant to serve from, so an attacker can step outside it.

By supplying crafted path segments such as ../ sequences, a threat actor can reach files and directories that should be inaccessible. Depending on the deployment, successful exploitation can lead to unauthorized data exposure, access to protected resources, or remote code execution, which makes this issue particularly dangerous because ScreenConnect is a remote‑access tool and a compromised server gives an attacker a foothold on every endpoint it manages.
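The bug class described above, shown as an added example (this is not ConnectWise's code; ScreenConnect's actual handler and the request used against CVE‑2024‑1708 are not on the page). It is a generic file‑serving path resolver in Python with the naive form beside the hardened one; BASE_DIR and the sample request paths are assumptions constructed for the illustration.

```python
"""Path traversal: a naive path join beside a containment check.

Added example, not ConnectWise's code. A generic file-serving resolver written
to show the bug class; BASE_DIR is an assumed document root.
"""
from __future__ import annotations

import posixpath
from urllib.parse import unquote

BASE_DIR = "/srv/app/files"  # assumed document root for the illustration


def resolve_naive(user_path: str) -> str:
    """Vulnerable: joins and normalises but never checks the result stays under BASE_DIR.

    posixpath.join() drops BASE_DIR entirely when user_path is absolute, and
    normpath() happily collapses '..' segments up and out of the base directory.
    """
    return posixpath.normpath(posixpath.join(BASE_DIR, user_path))


def resolve_safe(user_path: str) -> str | None:
    """Hardened: decode, reject hostile bytes, normalise, then prove containment.

    Returns the resolved absolute path, or None when the request must be refused.
    The check is lexical; a real handler should also os.path.realpath() the
    result so a symlink inside BASE_DIR cannot point back out of it.
    """
    decoded = unquote(user_path)          # decode once more so an encoded '..' cannot slip past
    if "\x00" in decoded or "\\" in decoded:
        return None                       # NUL truncation tricks, Windows-style separators
    relative = decoded.lstrip("/")        # never let an absolute path replace the base
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, relative))
    if posixpath.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        return None                       # normalised path escaped the base directory
    return candidate


# Constructed request paths exercising the two resolvers (not real attack traffic).
SAMPLE_PATHS = [
    "reports/q1.txt",                   # legitimate
    "../../../etc/passwd",              # classic dot-dot traversal
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",  # URL-encoded dots
    "/etc/passwd",                      # absolute path replaces the base in a naive join
    "reports/../../web.config",         # traversal hidden behind a valid first segment
    "..\\..\\..\\Windows\\win.ini",     # backslash separators (ScreenConnect runs on Windows)
]


def compare(paths=SAMPLE_PATHS) -> dict[str, tuple[str, str | None]]:
    """Return {request: (naive_result, safe_result)} for each sample path."""
    return {p: (resolve_naive(p), resolve_safe(p)) for p in paths}


if __name__ == "__main__":
    for req, (naive, safe) in compare().items():
        print(f"{req!r:38} naive -> {naive:45} safe -> {safe}")
```

The containment test is the part that matters: normalising first and then asserting that the result still has BASE_DIR as its prefix catches ../ sequences, URL‑encoded dots and absolute paths alike, whereas blocklisting the string ".." misses encodings and the absolute‑path case.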

Windows Shell spoofing vulnerability

The second entry, CVE‑2026‑32202, is a Windows Shell spoofing vulnerability caused by a failure of a built‑in protection mechanism. The weakness lets an attacker spoof network‑delivered content so that users or systems interact with a malicious resource that appears legitimate.

Although its CVSS score (4.3) is far lower than the ScreenConnect flaw's, confirmed in‑the‑wild exploitation is what drives inclusion in the KEV catalog, not the base score. This entry is a reminder that a moderate‑severity bug with a working exploit in circulation is a more urgent problem than a critical‑rated bug nobody is using.

Required remediation under federal directive

Under Binding Operational Directive (BOD) 22‑01, which focuses on mitigating the risk of known exploited vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies are required to remediate every KEV‑listed vulnerability by the due date CISA assigns to that entry. The directive is intended to reduce exposure to threats that adversaries are already actively leveraging.

CISA has instructed federal agencies to apply fixes or mitigations no later than May 12, 2026 to protect government networks from exploitation.

Guidance for non‑federal organizations

While the directive binds only federal entities, private‑sector organizations are strongly encouraged to review the KEV catalog regularly, cross‑reference it against their own asset and vulnerability inventories, and prioritize remediation of any listed vulnerability present in their environment ahead of higher‑scoring but unexploited findings. Addressing known exploited flaws remains one of the most effective ways to reduce exposure to active attack campaigns.
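One way to do that cross‑reference, as an added example rather than CISA tooling: the script below loads a KEV‑format JSON feed, filters vulnerability‑scanner findings down to catalog entries and orders them by CISA due date. The feed here is a constructed sample in the shape of the real KEV JSON; the CVE IDs, product names, scores and the May 12, 2026 due date come from this article, while the knownRansomwareCampaignUse values, the host names, the scanner output and the placeholder non‑KEV CVE are assumptions made up for the illustration. The ScreenConnect version check encodes the "23.9.7 and earlier" range stated above.

```python
"""Cross-reference scanner findings with CISA's KEV catalog and order by due date.

Added example, not CISA or ConnectWise tooling. KEV_SAMPLE is a constructed
feed in the real catalog's JSON shape; only the two entries from the article.
"""
from __future__ import annotations

import json
import urllib.request
from datetime import date

KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-1708",
            "vendorProject": "ConnectWise",
            "product": "ScreenConnect",
            "vulnerabilityName": "ConnectWise ScreenConnect Path Traversal Vulnerability",
            "dueDate": "2026-05-12",
            "knownRansomwareCampaignUse": "Unknown",   # assumed; the article does not say
        },
        {
            "cveID": "CVE-2026-32202",
            "vendorProject": "Microsoft",
            "product": "Windows",
            "vulnerabilityName": "Microsoft Windows Protection Mechanism Failure Vulnerability",
            "dueDate": "2026-05-12",
            "knownRansomwareCampaignUse": "Unknown",   # assumed; the article does not say
        },
    ],
})

# Constructed scanner output: host, CVE, CVSS base score. The last row is a
# placeholder ID standing in for "a critical finding that is not in KEV".
SCAN_FINDINGS = [
    {"host": "rmm-01", "cve": "CVE-2024-1708", "cvss": 8.4},
    {"host": "ws-17", "cve": "CVE-2026-32202", "cvss": 4.3},
    {"host": "ws-17", "cve": "CVE-0000-0000", "cvss": 9.8},
]


def fetch_kev(url: str = KEV_FEED_URL, timeout: float = 30) -> str:
    """Download the live catalog (not used offline; swap for KEV_SAMPLE in tests)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def load_kev(feed_json: str) -> dict[str, dict]:
    """Index the catalog by CVE ID."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def version_tuple(version: str) -> tuple[int, ...]:
    return tuple(int(part) for part in version.split("."))


def screenconnect_affected(version: str) -> bool:
    """CVE-2024-1708 affects ScreenConnect 23.9.7 and earlier (range from the article)."""
    return version_tuple(version) <= (23, 9, 7)


def triage(findings: list[dict], kev: dict[str, dict], today: str) -> list[dict]:
    """Keep only KEV-listed findings and order them for remediation.

    Sort key: soonest CISA due date first, then entries tied to known ransomware
    use, then CVSS descending. A high CVSS score alone does not qualify: the 9.8
    placeholder finding is dropped because it is not in the catalog (it still
    belongs in the normal patch cycle, just not at the front of the queue).
    """
    today_d = date.fromisoformat(today)
    rows = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "host": f["host"],
            "cve": f["cve"],
            "product": f"{entry['vendorProject']} {entry['product']}",
            "due": entry["dueDate"],
            "days_left": (due - today_d).days,      # negative means already overdue
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            "cvss": f["cvss"],
        })
    rows.sort(key=lambda r: (r["days_left"], not r["ransomware"], -r["cvss"]))
    return rows


if __name__ == "__main__":
    catalog = load_kev(KEV_SAMPLE)            # replace with load_kev(fetch_kev()) for live data
    for row in triage(SCAN_FINDINGS, catalog, today="2026-05-01"):
        flag = "OVERDUE" if row["days_left"] < 0 else f"{row['days_left']}d left"
        print(f"{row['host']:8} {row['cve']:16} {row['product']:24} due {row['due']} ({flag})")
```

With today set to May 1, 2026 both catalog entries come back with 11 days left and the 9.8‑rated placeholder is excluded; the 4.3‑rated Windows Shell entry outranks it precisely because exploitation status, not CVSS, is what KEV encodes.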
