CISA Adds Four Exploited Flaws to KEV, Sets May 2026 Federal Deadline
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on April 25, 2026 that four vulnerabilities, affecting SimpleHelp, Samsung MagicINFO 9 Server and D‑Link DIR‑823X series routers, had been added to its Known Exploited Vulnerabilities (KEV) catalog on the basis of evidence of active exploitation. The additions carry a federal deadline: Federal Civilian Executive Branch agencies must remediate them by their May 2026 due dates.
What We Know
CISA’s KEV list now includes:
- CVE‑2024‑57726 – A missing authorization vulnerability (CVSS 9.9) affecting SimpleHelp.
- CVE‑2024‑7399 – Samsung MagicINFO 9 Server path traversal vulnerability.
- CVE‑2024‑57728 – SimpleHelp path traversal vulnerability.
- CVE‑2025‑29635 – D‑Link DIR‑823X command injection vulnerability.
Vulnerabilities of these classes (missing authorization, path traversal, command injection) are frequent attack vectors for malicious actors and pose significant risk to federal enterprises. Binding Operational Directive (BOD) 22‑01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate each KEV entry by the due date CISA assigns to it, in order to protect FCEB networks against active threats. (Sources: CISA, The Hacker News)
Business Impact
If your organization hosts or relies on any of these products (the SimpleHelp remote support server, Samsung MagicINFO 9 Server, or D‑Link DIR‑823X routers), you face direct exposure to:
- Unauthorized access: an attacker who can reach the vulnerable interface can take control of the affected system and harvest any credentials stored on it.
- Data leakage: sensitive corporate or customer data may be compromised.
- Operational disruption: service outages or downtime can affect productivity and revenue.
Non-federal organizations that run these products are exposed just as much, particularly where the product sits on an interconnected network: a remote support server has a foothold on every endpoint it manages, and a compromised edge router can disrupt voice and data connectivity for an entire site. The severity ratings, and more importantly the confirmed exploitation in the wild, call for immediate action to limit potential losses.
What To Do
- Immediate Review: Assess whether your network contains any of the listed devices. Use inventory tools or vendor documentation.
- Patch Management: Apply the vendor‑issued fix for each vulnerability as soon as it is available, and confirm the installed version afterwards. If no fix exists, disable the affected feature or replace the product; this is also the action KEV prescribes when no mitigation is available.
- Monitoring & Detection: Deploy intrusion detection and centralized logging for the affected systems, and alert on activity that matches the vulnerability classes in this batch: traversal sequences such as `../` (including URL‑encoded forms) in requests to the MagicINFO and SimpleHelp servers, shell metacharacters in parameters sent to the router's management interface, and administrative actions on SimpleHelp from unexpected accounts or source addresses.
- Backup & Recovery Plans: Ensure robust backups of critical data and clear recovery procedures in case of breach or system failure.
- Compliance Check: FCEB agencies must meet the BOD 22‑01 due date for each entry; other organizations should treat that date as a benchmark. Document remediation steps and timelines to demonstrate adherence.
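The Immediate Review and Compliance Check steps above amount to one query: which assets in the inventory match an entry in the KEV catalog, and how many days remain before its due date. The script below is an added example written for this advisory, not DefendMyBusiness or CISA code. The JSON field names (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`) follow the feed CISA publishes at the URL in `KEV_FEED_URL`; the catalog excerpt and the inventory rows are constructed sample data. The CVE IDs, vendors and products are the four entries this advisory names, but the `dueDate` values, vulnerability names and hostnames are illustrative placeholders, not CISA's published values.

```python
"""Check an asset inventory against the CISA KEV catalog.

Added example for this advisory; not DefendMyBusiness or CISA code.
The catalog excerpt and inventory below are constructed sample data:
the dueDate values are placeholders, not CISA's published dates.
"""
import json
import re
import urllib.request
from datetime import date

# Real location of CISA's JSON feed; fetch_kev_catalog() is optional and
# needs network access, so the example runs from SAMPLE_KEV by default.
KEV_FEED_URL = (
    "https://www.cisa.gov/sites/default/files/feeds/"
    "known_exploited_vulnerabilities.json"
)

# Constructed excerpt in the feed's shape (CVE IDs and products from the
# advisory; dueDate and vulnerabilityName are illustrative placeholders).
SAMPLE_KEV = {
    "vulnerabilities": [
        {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
         "vulnerabilityName": "SimpleHelp Missing Authorization Vulnerability",
         "dateAdded": "2026-04-25", "dueDate": "2026-05-16"},
        {"cveID": "CVE-2024-57728", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
         "vulnerabilityName": "SimpleHelp Path Traversal Vulnerability",
         "dateAdded": "2026-04-25", "dueDate": "2026-05-16"},
        {"cveID": "CVE-2024-7399", "vendorProject": "Samsung", "product": "MagicINFO 9 Server",
         "vulnerabilityName": "Samsung MagicINFO 9 Server Path Traversal Vulnerability",
         "dateAdded": "2026-04-25", "dueDate": "2026-05-16"},
        {"cveID": "CVE-2025-29635", "vendorProject": "D-Link", "product": "DIR-823X",
         "vulnerabilityName": "D-Link DIR-823X Command Injection Vulnerability",
         "dateAdded": "2026-04-25", "dueDate": "2026-05-16"},
    ]
}

# Constructed inventory; hostnames are made up. Vendor/product strings are
# deliberately not identical to the catalog's to exercise loose matching.
SAMPLE_INVENTORY = [
    {"host": "helpdesk-01", "vendor": "SimpleHelp", "product": "SimpleHelp Server"},
    {"host": "signage-srv", "vendor": "Samsung Electronics", "product": "MagicINFO 9 Server"},
    {"host": "branch-rtr-3", "vendor": "D-Link", "product": "DIR-823X"},
    {"host": "fileshare-02", "vendor": "Microsoft", "product": "Windows Server"},
]


def fetch_kev_catalog():
    """Download the live catalog (network access required)."""
    with urllib.request.urlopen(KEV_FEED_URL, timeout=30) as resp:
        return json.load(resp)


def _norm(text):
    """Lower-case and drop punctuation/whitespace: 'D-Link' == 'DLink' == 'd link'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _loose_match(a, b):
    """Substring match after normalisation, in either direction."""
    a, b = _norm(a), _norm(b)
    return bool(a) and bool(b) and (a in b or b in a)


def find_exposed(inventory, kev, today):
    """Return one finding per (asset, KEV entry) pair whose vendor and product
    match, nearest due date first. `today` is a date or an ISO date string.

    KEV entries carry no affected-version range, so a hit means the product
    is on the list, not that this instance is unpatched: confirm the installed
    version against the vendor advisory before closing the finding.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    for asset in inventory:
        for entry in kev["vulnerabilities"]:
            if not (_loose_match(asset["vendor"], entry["vendorProject"])
                    and _loose_match(asset["product"], entry["product"])):
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "name": entry["vulnerabilityName"],
                "due": entry["dueDate"],
                "days_left": (due - today).days,
                "overdue": today > due,
            })
    findings.sort(key=lambda f: (f["due"], f["host"], f["cve"]))
    return findings


if __name__ == "__main__":
    for f in find_exposed(SAMPLE_INVENTORY, SAMPLE_KEV, "2026-04-25"):
        state = "OVERDUE" if f["overdue"] else f"{f['days_left']} days left"
        print(f"{f['host']:<14} {f['cve']:<15} due {f['due']} ({state})  {f['name']}")
```

Replace `SAMPLE_KEV` with `fetch_kev_catalog()` and `SAMPLE_INVENTORY` with an export from your CMDB to run it for real. The loose vendor/product matching errs toward false positives on purpose: a missed asset costs more than a finding that is closed after a version check.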
Organizations that cannot patch immediately should adopt interim mitigations to reduce exposure while awaiting the official fix: segment the affected systems, restrict their management interfaces with firewall rules to trusted source addresses only (none of these interfaces should be reachable from the internet), or temporarily disable the affected functionality.
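The Monitoring & Detection step above asks for alerts on the vulnerability classes in this batch. The script below is an added example for this advisory (not vendor, CISA or DefendMyBusiness code) showing the minimum such a rule has to do: decode URL encoding repeatedly so double-encoded traversal is not missed, look for `../` and `..\` sequences, and flag shell metacharacters in parameter values. The log lines are constructed sample data in common/combined log format, and the paths in them are generic; they do not describe any real product's endpoints or a working exploit.

```python
"""Flag path-traversal and command-injection attempts in web access logs.

Added example for this advisory; not vendor, CISA or DefendMyBusiness code.
The log lines are constructed and the request paths are generic.
"""
import re
from urllib.parse import unquote

# Common/combined log format: client identd user [timestamp] "METHOD TARGET PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
# Shell metacharacters that have no business in a parameter value. '&' is
# left out because it is the ordinary query-string separator.
SHELL_META_RE = re.compile(r";|\|\||\||`|\$\(|&&")

# Constructed sample log (not captured from any real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Apr/2026:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [25/Apr/2026:10:01:07 +0000] "GET /static/..%2f..%2f..%2fetc/passwd HTTP/1.1" 200 1020',
    '10.0.0.9 - - [25/Apr/2026:10:01:09 +0000] "GET /download?file=%252e%252e%252fconfig HTTP/1.1" 404 0',
    '10.0.0.12 - - [25/Apr/2026:10:02:15 +0000] "POST /cgi-bin/diag?host=8.8.8.8;cat%20/etc/shadow HTTP/1.1" 200 88',
    '10.0.0.5 - - [25/Apr/2026:10:02:20 +0000] "GET /search?q=a%26b HTTP/1.1" 200 300',
]


def decode_fully(value, max_rounds=3):
    """Percent-decode until the value stops changing (bounded). Returns the
    decoded value and how many rounds were needed; >1 means double encoding."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
        rounds += 1
    return value, rounds


def classify_target(target):
    """Return sorted tags describing suspicious content in a request target."""
    tags = set()
    path, _, query = target.partition("?")
    decoded_path, rounds = decode_fully(path)
    deepest = rounds
    if TRAVERSAL_RE.search(decoded_path):
        tags.add("path_traversal")
    for param in query.split("&") if query else []:
        _, _, raw_value = param.partition("=")
        value, rounds = decode_fully(raw_value)
        deepest = max(deepest, rounds)
        if TRAVERSAL_RE.search(value):
            tags.add("path_traversal")
        if SHELL_META_RE.search(value):
            tags.add("command_injection")
    if tags and deepest > 1:
        tags.add("double_encoded")
    return sorted(tags)


def scan(lines):
    """Parse each log line and return the suspicious ones with their tags."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a production rule would count these
        tags = classify_target(m["target"])
        if tags:
            findings.append({"ip": m["ip"], "ts": m["ts"],
                             "target": m["target"], "tags": tags})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ip']:<10} {f['ts']}  {','.join(f['tags']):<30} {f['target']}")
```

Feed this from the web server or reverse proxy in front of the affected applications, and treat any `path_traversal` or `command_injection` hit against a management or download endpoint as an incident rather than a statistic. The rule is deliberately broad; tune the metacharacter list against your own traffic before paging on it.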
The Bigger Picture
This batch underscores a continuing trend: actively exploited vulnerabilities in widely deployed products, both server software such as SimpleHelp and MagicINFO and network hardware such as the DIR‑823X. CISA continues to attach short remediation deadlines to KEV additions to force rapid action. The KEV catalog is a living list of exposures known to be exploited, and it is a better prioritization signal than CVSS alone. Continued vigilance and timely patching protect not only federal networks but any business relying on these components.
How We Can Help
DefendMyBusiness collaborates with 400+ technology providers to tailor secure solutions for your specific needs. If you need a quick assessment of your network, our free security scan tool is available. Contact us at
Tags: cybersecurity, federal-security, business risk, DefendMyBusiness, KEV, vulnerability remediation.
The Short Answer
CISA added four exploited vulnerabilities to its KEV catalog, requiring federal agencies to remediate them by their May 2026 due dates. The vulnerabilities affect SimpleHelp (a missing authorization flaw rated CVSS 9.9 and a path traversal flaw), Samsung MagicINFO 9 Server (path traversal) and D-Link DIR-823X routers (command injection). Immediate action is needed to patch or mitigate them to prevent unauthorized access, data leakage and operational disruption. Organizations should review their inventories, apply patches, and implement the monitoring and backup measures outlined in the guide.
Recommended Penetration Testing Vendors
DefendMyBusiness partners with a curated network of 400+ vetted providers. Here are 4 currently active in our channel ecosystem for penetration testing:
| Vendor | Specialty |
|---|---|
| CBTS | In the channel, CBTS has become the go-to provider for complex and unique requests, multi-location projects, mission-critical networking and |
| ngenious | Why ngenious? At ngenious, we believe that digitization is the driving force of the new economy, and that automation and managed service |
| C-Spire | Your trusted guide for success. We’ve spent over 30 years as a technology leader, helping businesses leverage cutting-edge technology to pro |
| XTIUM | At XTIUM, we do more than support your Clients’ IT – we integrate, secure, and optimize it. Our mission is simple: We make your clients’ IT |
Get a free tailored shortlist — we match you with 3 of these vendors based on your size, industry, and priorities. 24-hour turnaround, no obligation.
Free Download: What We Know Checklist
Want help getting your security solution right?
Defend My Business helps SMBs cut through the marketing and get their security solution right for their environment, budget, and compliance needs — then deploy and manage it. Through our 400+ vendor network we can often secure better pricing and terms than buying direct, and we stay vendor-neutral, so the recommendation fits you, not a sales quota. Want a second opinion? Pair this with our cybersecurity consulting or talk it through with an advisor.
Book a free call with a DMB advisor →