CISA Adds 8 Exploited Vulnerabilities to KEV Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch them by April and May 2026. Among the newly listed flaws are three affecting Cisco Catalyst SD-WAN Manager, indicating active exploitation in the wild. The inclusion of these vulnerabilities signals a critical need for organizations using these products to prioritize patching and mitigation efforts.

One notable vulnerability added is CVE-2023-27351, an improper authentication flaw in PaperCut software with a CVSS score of 8.2. This type of vulnerability can be a gateway for attackers to gain unauthorized access, bypass security controls, and potentially compromise sensitive data or systems. The proactive inclusion in the KEV catalog by CISA underscores the immediate threat these vulnerabilities pose to critical infrastructure and federal networks.

What This Means For You

  • If your organization utilizes Cisco Catalyst SD-WAN Manager or PaperCut software, you must immediately verify that CVE-2023-27351 and the other Cisco SD-WAN Manager vulnerabilities are patched. Audit your environments for any signs of compromise related to these specific CVEs, as CISA has confirmed active exploitation.
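One way to start that verification is to match KEV entries against an asset inventory and order the hits by remediation deadline. This is an added example, not code from the original page or from CISA; the feed excerpt, hosts, the Cisco CVE ID and the due dates are constructed placeholders.

```python
import json
import re
from datetime import date

# Constructed excerpt; field names follow CISA's KEV JSON feed. The Cisco CVE ID
# and all due dates are placeholders (the page gives only "April and May 2026").
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2023-27351", "vendorProject": "PaperCut",
   "product": "MF/NG", "dueDate": "2026-05-01"},
  {"cveID": "CVE-0000-00001", "vendorProject": "Cisco",
   "product": "Catalyst SD-WAN Manager", "dueDate": "2026-04-15"}
]}
""")

# Constructed asset inventory (hypothetical hosts).
INVENTORY = [
    {"host": "print01", "vendor": "PaperCut", "product": "PaperCut MF"},
    {"host": "sdwan-mgr", "vendor": "Cisco", "product": "Catalyst SD-WAN Manager"},
    {"host": "core-sw", "vendor": "Cisco", "product": "Catalyst 9300"},
    {"host": "web01", "vendor": "nginx", "product": "nginx"},
]

def tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def matches(entry, asset):
    """Same vendor, and one product name's tokens contained in the other's."""
    if entry["vendorProject"].lower() != asset["vendor"].lower():
        return False
    kev = tokens(entry["product"])
    inv = tokens(asset["product"]) - tokens(asset["vendor"])
    return bool(inv) and (kev <= inv or inv <= kev)

def triage(feed, inventory, today):
    """Return (due date, host, CVE, overdue) rows, earliest deadline first."""
    rows = []
    for entry in feed["vulnerabilities"]:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if matches(entry, asset):
                rows.append((due, asset["host"], entry["cveID"], due < today))
    return sorted(rows)

if __name__ == "__main__":
    for due, host, cve, overdue in triage(KEV_FEED, INVENTORY, date(2026, 4, 20)):
        print(f"{due}  {host:<10} {cve:<15} {'OVERDUE' if overdue else 'open'}")
```

A match only shows that a KEV-listed product is present; patch status still has to be confirmed by comparing the installed version against the vendor's fixed releases.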

๐Ÿ›ก๏ธ Detection Rules

3 rules ยท 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free โ€” export to any SIEM format via the Intel Bot.

KEV - PaperCut CVE-2023-27351 Improper Authentication (critical; T1190, Initial Access)


Indicators of Compromise

ID | Type | Indicator
CVE-2023-27351 | Auth Bypass | PaperCut MF/NG versions prior to 8.0.7, 19.2.12, 20.1.7, 21.2.11, 22.0.9, 22.1.3, 22.1.4, 22.1.5
CISA-KEV-2026-04 | Multiple Vulnerabilities | Cisco Catalyst SD-WAN Manager