CISA Adds Four Exploited Flaws to KEV, Sets May 2026 Federal Deadline

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on April 25, 2026 that four new vulnerabilities—impacting SimpleHelp, Samsung MagicINFO 9 Server, and D‑Link DIR‑823X series routers—have been added to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The update comes with a federal deadline: agencies must remediate these vulnerabilities by May 2026.

What We Know

CISA’s KEV list now includes:

  • CVE‑2024‑57726 – A missing authorization vulnerability (CVSS 9.9) affecting SimpleHelp.
  • CVE‑2024‑7399 – Samsung MagicINFO 9 Server path traversal vulnerability.
  • CVE‑2024‑57728 – SimpleHelp path traversal vulnerability.
  • CVE‑2025‑29635 – D‑Link DIR‑823X command injection vulnerability.

These vulnerabilities are frequent attack vectors for malicious actors and pose significant risks to federal enterprises. BOD 22‑01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date, safeguarding FCEB networks against active threats. (Sources: CISA; The Hacker News)

Business Impact

If your organization hosts or relies on any of these products—SimpleHelp, Samsung MagicINFO 9 Server, or D‑Link DIR‑823X routers—you face direct exposure to:

  • Unauthorized access: attackers could obtain credentials and take control of critical systems.
  • Data leakage: sensitive corporate or customer data may be compromised.
  • Operational disruption: service outages or downtime can affect productivity and revenue.

Non-federal organizations that use these products are exposed as well, particularly where the products sit in interconnected networks (e.g., voice and connectivity services), because a compromise can cascade into dependent systems. The high CVSS scores signal a severe threat level and warrant immediate action to limit potential losses.

What To Do

  1. Immediate Review: Assess whether your network contains any of the listed devices. Use inventory tools or vendor documentation.
  2. Patch Management: Apply vendor‑issued patches for each vulnerability as soon as they become available. If no patch is released, consider disabling the affected features or replacing the hardware.
  3. Monitoring & Detection: Deploy intrusion detection systems (IDS) and logging to identify unauthorized access attempts. Set alerts for anomalous behaviors tied to the vulnerabilities.
  4. Backup & Recovery Plans: Ensure robust backups of critical data and clear recovery procedures in case of breach or system failure.
  5. Compliance Check: Verify compliance with BOD 22‑01’s remediation deadlines. Document remediation steps and timelines to demonstrate adherence.

Organizations unable to patch immediately should adopt interim mitigations—such as network segmentation, firewall rules blocking vulnerable ports, or temporary disabling of the affected functionality—to reduce exposure while awaiting official fixes.
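Steps 1, 2 and 5 above come down to one recurring question: which assets match a KEV entry, which of those are already remediated, and how many days remain before the BOD 22‑01 due date. The script below is an added example (not code from DefendMyBusiness or CISA) that answers it by matching a small asset inventory against a catalog excerpt laid out in the shape of CISA's KEV JSON feed. The CVE IDs, vendors and products are the four from this advisory; the hostnames, the "remediated" lists and the dueDate values are constructed placeholders, so substitute the real feed and your own inventory before relying on the output.

```python
"""Match an asset inventory against CISA KEV entries and report BOD 22-01
remediation status (added example; constructed data, not CISA's feed)."""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. The four CVE IDs,
# vendors and products are the ones named in the advisory; the dueDate values
# are placeholders consistent with the article's "May 2026" deadline and are
# NOT CISA's actual dates.
KEV_SAMPLE = """
{
  "title": "Known Exploited Vulnerabilities (constructed excerpt)",
  "vulnerabilities": [
    {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
     "dateAdded": "2026-04-25", "dueDate": "2026-05-16"},
    {"cveID": "CVE-2024-7399", "vendorProject": "Samsung", "product": "MagicINFO 9 Server",
     "dateAdded": "2026-04-25", "dueDate": "2026-05-16"},
    {"cveID": "CVE-2024-57728", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
     "dateAdded": "2026-04-25", "dueDate": "2026-05-16"},
    {"cveID": "CVE-2025-29635", "vendorProject": "D-Link", "product": "DIR-823X",
     "dateAdded": "2026-04-25", "dueDate": "2026-05-16"}
  ]
}
"""

# Constructed asset inventory with fictitious hostnames. "remediated" lists the
# CVE IDs the asset owner has confirmed patched on that asset.
INVENTORY = [
    {"host": "rsupport-01", "vendor": "SimpleHelp", "product": "SimpleHelp",
     "remediated": ["CVE-2024-57728"]},
    {"host": "signage-srv", "vendor": "Samsung", "product": "MagicINFO 9 Server",
     "remediated": []},
    {"host": "branch-rtr-3", "vendor": "D-Link", "product": "DIR-823X",
     "remediated": []},
    {"host": "fileserver", "vendor": "ExampleCorp", "product": "NAS",
     "remediated": []},
]


@dataclass
class Finding:
    host: str
    cve_id: str
    due: date
    remediated: bool
    days_remaining: int  # negative means the BOD 22-01 due date has passed


def load_kev(raw_json: str) -> list[dict]:
    """Return the vulnerability records from a KEV-format JSON document."""
    return json.loads(raw_json)["vulnerabilities"]


def match_inventory(inventory: list[dict], kev: list[dict], today_iso: str) -> list[Finding]:
    """Pair each asset with every KEV entry whose vendor/product it matches.

    Matching is case-insensitive on (vendorProject, product). KEV carries no
    version data, so a match means "in scope, confirm patch level", not
    "confirmed vulnerable".
    """
    today = date.fromisoformat(today_iso)
    by_product: dict[tuple[str, str], list[dict]] = {}
    for entry in kev:
        key = (entry["vendorProject"].casefold(), entry["product"].casefold())
        by_product.setdefault(key, []).append(entry)

    findings: list[Finding] = []
    for asset in inventory:
        key = (asset["vendor"].casefold(), asset["product"].casefold())
        for entry in by_product.get(key, []):
            due = date.fromisoformat(entry["dueDate"])
            findings.append(Finding(
                host=asset["host"],
                cve_id=entry["cveID"],
                due=due,
                remediated=entry["cveID"] in asset["remediated"],
                days_remaining=(due - today).days,
            ))
    return findings


def status(finding: Finding) -> str:
    """Human-readable compliance state for one asset/CVE pair."""
    if finding.remediated:
        return "remediated"
    if finding.days_remaining < 0:
        return f"OVERDUE by {-finding.days_remaining} days"
    return f"due in {finding.days_remaining} days"


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings by state: remediated, open (within deadline), overdue."""
    counts = {"remediated": 0, "open": 0, "overdue": 0}
    for f in findings:
        if f.remediated:
            counts["remediated"] += 1
        elif f.days_remaining < 0:
            counts["overdue"] += 1
        else:
            counts["open"] += 1
    return counts


if __name__ == "__main__":
    # Fixed "today" so the report is reproducible; use date.today() in practice.
    report = match_inventory(INVENTORY, load_kev(KEV_SAMPLE), "2026-05-01")
    for f in report:
        print(f"{f.host:13} {f.cve_id:15} due {f.due}  {status(f)}")
    print(summarize(report))
```

Because the KEV feed identifies products but not versions, the report is an in-scope list rather than a vulnerability scan: an asset that matches still has to be checked against the vendor's fixed version before its CVE is marked remediated. Keeping the per-asset "remediated" list and the dated report together gives you the documentation step 5 asks for.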

The Bigger Picture

This event underscores a growing trend of actively exploited vulnerabilities in widely used enterprise products. Federal agencies are increasingly tightening deadlines to enforce rapid remediation. The KEV catalog serves as a living list of high‑risk exposures, guiding stakeholders toward proactive security measures. Continued vigilance and timely patching will help safeguard not only federal networks but also any business relying on these components.

How We Can Help

DefendMyBusiness collaborates with 400+ technology providers to tailor secure solutions for your specific needs. If you need a quick assessment of your network, our free security scan tool is available. Contact us at to schedule a personalized advisory session.
