CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on Friday, affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers. Among the flaws, CVE-2024-57726 (CVSS score: 9.9) was identified as a missing authorization vulnerability, though full details of all four CVEs were not disclosed in the notice. CISA set a federal compliance deadline of May 2026 for remediation of these vulnerabilities. The inclusion in the KEV catalog indicates confirmed evidence of in-the-wild exploitation. The affected products span remote support software, digital signage servers, and consumer-grade networking devices.