ACCORDING to CISA, the U.S. agency added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, affecting ConnectWise ScreenConnect and Microsoft Windows, based on evidence of active exploitation. CVE-2024-1708 is a path traversal flaw in ConnectWise ScreenConnect (fixed February 2024) with a CVSS of 8.4, while CVE-2026-32202 is a Windows Shell protection mechanism failure (fixed in April 2026) with a CVSS of 4.3 that could allow spoofing over a network.
Microsoft had updated its advisory for CVE-2026-32202 to note active exploitation, and Akamai attributed related activity to an incomplete patch for CVE-2026-21510, linked to the Russia-based APT28 in attacks since December 2025. Attacks exploiting CVE-2024-1708 have been connected to a chain with CVE-2024-1709 by multiple threat actors over the years, while Microsoft tied exploitation of the Windows flaw to Storm-1175 in attacks deploying Medusa ransomware. Federal Civilian Executive Branch agencies are required to apply fixes by 12 May 2026 to secure their networks.