THE Known Exploited Vulnerabilities Catalog currently lists a single entry: Samsung | MagicINFO 9 Server, with CVE-2024-7399. It describes a path traversal vulnerability in Samsung MagicINFO 9 Server that could allow an attacker to write arbitrary files as system authority. Related CWEs are CWE-22 and CWE-434. The entry notes that it is unknown whether it has been used in ransomware campaigns.
Action recommended is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Date Added is 24 April 2026 and the Due Date is 8 May 2026.