CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Deadline

CISA added 4 actively exploited vulnerabilities to its KEV catalog — SimpleHelp, Samsung MagicINFO 9, and D-Link DIR-823X — with a May 2026 federal remediation deadline.

Executive Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on April 24, 2026 added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. The flaws affect SimpleHelp remote support software, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers. CISA mandated that all Federal Civilian Executive Branch (FCEB) agencies remediate these vulnerabilities by May 15, 2026, per Binding Operational Directive (BOD) 22-01. The highest-severity entry is CVE-2024-57726, a missing authorization vulnerability in SimpleHelp with a CVSS score of 9.9, according to CISA's announcement.

Technical Analysis

CISA's KEV catalog update includes the following vulnerabilities, as reported by The Hacker News:

  • CVE-2024-57726 (CVSS 9.9) — A missing authorization vulnerability in SimpleHelp remote support software. The flaw allows unauthenticated attackers to bypass access controls, potentially leading to remote code execution or sensitive data exposure. SimpleHelp is widely used by IT support teams and managed service providers (MSPs) for remote administration.
  • Three additional flaws in Samsung MagicINFO 9 Server and D-Link DIR-823X series routers, though CISA has not yet published full technical details for all entries. The Samsung MagicINFO 9 Server is a digital signage management platform; the D-Link DIR-823X is a consumer-grade Wi-Fi router.

CISA's KEV catalog entry for CVE-2024-57726 notes that the vulnerability is being actively exploited, but the agency did not disclose the specific threat actor or campaign behind the exploitation. The addition follows CISA's standard process of monitoring open-source intelligence, threat reporting, and incident response data to identify vulnerabilities that pose significant risk to federal networks.

Notably, CVE-2024-57726 was originally disclosed in late 2024, but its inclusion in KEV now confirms that exploitation has continued or escalated. The CVSS 9.9 score places it among the most critical vulnerabilities in the catalog, as the missing authorization vector can be chained with other weaknesses for full system compromise.

Mitigations & Recommendations

FCEB agencies must apply patches or implement vendor-supplied mitigations by May 15, 2026. For organizations outside the federal government, CISA recommends:

  • Immediately updating SimpleHelp to the latest patched version, as the vendor has released a fix for CVE-2024-57726.
  • Reviewing Samsung MagicINFO 9 Server configurations and applying any available security updates.
  • Disabling remote management on D-Link DIR-823X routers if not required, or updating firmware to the latest version.
  • Monitoring network logs for unauthorized access attempts targeting these products, particularly on exposed management interfaces.

CISA's KEV catalog serves as a prioritized list for vulnerability management programs. Organizations should treat KEV additions as evidence of active exploitation and expedite remediation accordingly.
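One way to act on that prioritization: ingest the KEV JSON feed, match it against an asset inventory, and rank findings by time left until the BOD 22-01 due date. This is an added example, not code from the article or from CISA; the field names follow the public KEV JSON feed, and the feed entries, inventory and hostnames below are constructed samples (the second entry is a placeholder, not a real CVE).

```python
"""Cross-reference a CISA KEV feed with an asset inventory and rank remediation."""
import json
from datetime import date

# Constructed sample in the layout of the KEV JSON feed (only the fields used here).
# The SimpleHelp entry uses the CVE ID, dateAdded and dueDate stated in the article;
# the second entry is a labelled placeholder for a product NOT in the inventory.
KEV_FEED = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp",
         "product": "SimpleHelp", "dateAdded": "2026-04-24",
         "dueDate": "2026-05-15",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-PLACEHOLDER-0001", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct", "dateAdded": "2026-01-10",
         "dueDate": "2026-01-31",
         "requiredAction": "Apply mitigations per vendor instructions."},
    ]
})

# Constructed inventory: product name (as KEV writes it) -> hosts running it.
INVENTORY = {
    "SimpleHelp": ["support-01.corp.example", "support-02.corp.example"],
    "MagicINFO 9 Server": ["signage-mgmt.corp.example"],
}


def hosts_for(kev_product, inventory):
    """Case-insensitive substring match, since KEV product strings vary in form."""
    needle = kev_product.lower()
    return [h for p, hs in inventory.items()
            if needle in p.lower() or p.lower() in needle for h in hs]


def kev_exposure(feed_json, inventory, today_iso):
    """Return KEV entries that hit the inventory, most urgent first.

    days_left is negative once the due date has passed (overdue under BOD 22-01).
    """
    today = date.fromisoformat(today_iso)
    results = []
    for e in json.loads(feed_json)["vulnerabilities"]:
        hosts = hosts_for(e["product"], inventory)
        if not hosts:
            continue  # not deployed here; nothing to remediate
        due = date.fromisoformat(e["dueDate"])
        results.append({"cveID": e["cveID"], "product": e["product"], "hosts": hosts,
                        "days_left": (due - today).days,
                        "requiredAction": e["requiredAction"]})
    return sorted(results, key=lambda r: r["days_left"])


if __name__ == "__main__":
    for r in kev_exposure(KEV_FEED, INVENTORY, "2026-04-27"):
        print(r["cveID"], r["product"], r["days_left"], "days left:", r["hosts"])
```

Pointing the loader at the live feed instead of the embedded sample gives a daily report of which KEV entries touch your estate and how many days remain.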
