www.securityweek.com 4/21/2026, 11:31:14 AM

CISA Adds Cisco SD-WAN, Zimbra XSS Flaws to KEV Catalog

According to CISA, the Known Exploited Vulnerabilities (KEV) catalog was expanded to include eight more flaws, three of which had not previously been flagged as exploited. The most recent addition is CVE-2026-20133, a high-severity information disclosure bug in Cisco Catalyst SD-WAN Manager that was patched in February. It allows an attacker to read information from the underlying operating system via API access.

The agency also flagged two Kentico Xperience and Zimbra Collaboration Suite (ZCS) vulnerabilities that have been exploited in attacks, including CVE-2025-2749, a Kentico path traversal and arbitrary file upload issue enabling remote code execution. The ZCS flaw is CVE-2025-48700, an XSS bug in the Zimbra Classic UI that can execute JavaScript in a user’s session. Rounding out the eight are CVE-2025-32975 (Quest KACE), CVE-2024-27199 (JetBrains TeamCity), and CVE-2023-27351 (PaperCut). Agencies are urged to patch the Cisco and Zimbra vulnerabilities by 23 April and the remaining four by 4 May.

Article by CyberSIXT