# CISA adds four actively exploited vulnerabilities to catalog, sets May deadline

_Saturday, April 25, 2026 at 4:31 AM EDT · Cybersecurity · Latest · Tier 2 — Notable_

![CISA adds four actively exploited vulnerabilities to catalog, sets May deadline — Primary](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBMgO4j_Nf0B9HdU4WtN1axBdJFNJgV6Xvb8pCk0kooK6_-gNIxfURSqLIJuuzaufzvoXVTkFFg9WfMkyHvu4h_DBQK4QMJ21JYdwWtLem-CSOgTEYFhXazp4aSPJJglbiZel1V5aatqMKFCXk3scw-3UmMzQPrmTn-CbgBBjpLu_i4TBfNyS2kgZSkreW/s1700-e365/cisa-kev.jpg)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Federal Civilian Executive Branch agencies are advised to apply fixes or discontinue use of affected products by May 8, 2026.

The flaws include CVE-2024-57726 and CVE-2024-57728 in SimpleHelp remote support software, CVE-2024-7399 in Samsung MagicINFO 9 Server, and CVE-2025-29635 in end-of-life D-Link DIR-823X series routers.

CVE-2024-57726 allows low-privileged technicians to create API keys with excessive permissions, which can then be used to escalate privileges to the server admin role. CVE-2024-57728 permits admin users to upload arbitrary files via a crafted zip file, which can be exploited to execute arbitrary code. Both issues have been exploited as precursors to ransomware attacks, with at least one campaign attributed to the DragonForce ransomware operation.

CVE-2024-7399 is a path traversal vulnerability in Samsung MagicINFO 9 Server that could allow an attacker to write arbitrary files with system authority. Past exploitation of this flaw has been linked to Mirai botnet activity.

CVE-2025-29635 is a command injection vulnerability in D-Link DIR-823X routers that allows an authorized attacker to execute arbitrary commands. Akamai disclosed earlier this week that it recorded attempts against D-Link devices to deliver a Mirai botnet variant named tuxnokill.

## Sources

- [The Hacker News](https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html)

---
Canonical: https://techandbusiness.org/newswire/nboQQLUk2FOYJmEHhn5kdW
Retrieved: 2026-04-25T11:26:37.411Z
Publisher: Tech & Business (techandbusiness.org)
