The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, adding eight new security flaws that are currently being leveraged in real-world attacks, prompting urgent warnings for organizations to apply patches.
Among the newly listed issues are three vulnerabilities affecting Cisco’s Catalyst SD-WAN Manager—CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133—which include risks such as privilege escalation, credential exposure, and sensitive information disclosure. These flaws could allow attackers to access system APIs, overwrite files, or extract confidential data from affected environments.
CISA also highlighted vulnerabilities in Kentico Xperience and Zimbra Collaboration Suite that have been actively exploited. The Kentico flaw (CVE-2025-2749) is a path traversal and arbitrary file upload issue that can enable remote code execution. Meanwhile, a Zimbra vulnerability (CVE-2025-48700) allows attackers to execute malicious scripts within user sessions, potentially leading to unauthorized access and data compromise.
CISA has set strict remediation deadlines, urging federal agencies to patch the Cisco- and Zimbra-related vulnerabilities by April 23, while fixes for the other issues must be applied by early May.




