ACCORDING to CISA, the Known Exploited Vulnerabilities (KEV) Catalog is the authoritative source of vulnerabilities that have been exploited in the wild. It lists ConnectWise ScreenConnect CVE-2024-1708, described as a path traversal vulnerability that could allow an attacker to execute remote code or directly impact confidential data and critical systems. Date added is 28 April 2026 and the due date is 12 May 2026. Related CWE is CWE-22, and Known To Be Used in Ransomware Campaigns? Unknown.
Action: mitigate per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.