ACCORDING to CISA, eight new vulnerabilities were added to the Known Exploited Vulnerabilities catalog, including three flaws affecting Cisco Catalyst SD-WAN Manager and evidence of active exploitation.
The newly listed CVEs are CVE-2023-27351 (PaperCut NG/MF) with a CVSS of 8.2, CVE-2024-27199 (JetBrains TeamCity) with a CVSS of 7.3, CVE-2025-2749 (Kentico Xperience) with a CVSS of 7.2, CVE-2025-32975 (Quest KACE SMA) with a CVSS of 10.0, CVE-2025-48700 (Synacor Zimbra) with a CVSS of 6.1, CVE-2026-20122 (Cisco Catalyst SD-WAN Manager) with a CVSS of 5.4, CVE-2026-20128 (Cisco Catalyst SD-WAN Manager) with a CVSS of 7.5, and CVE-2026-20133 (Cisco Catalyst SD-WAN Manager) with a CVSS of 6.5.
The piece notes that CVE-2024-27198, another JetBrains TeamCity flaw, was added to KEV in March 2024, and that CVE-2023-27351’s exploitation was attributed to Lace Tempest in 2023 in connection with Cl0p and LockBit campaigns. Cisco has said it became aware of exploitation of CVE-2026-20122 and CVE-2026-20128 in March 2026, while CISA’s advisory has not yet been updated to reflect in-the-wild abuse of CVE-2026-20133. Given the active exploitation, federal agencies have been asked to address the three Cisco vulnerabilities by 23 April 2026 and the rest by 4 May 2026.