The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog by adding eight newly identified vulnerabilities, including critical flaws affecting Cisco Catalyst SD-WAN Manager. Among these, CVE-2023-27351, which carries a CVSS score of 8.2, is an improper authentication vulnerability in PaperCut that is currently being actively exploited. This update underscores the urgency for organizations to address these vulnerabilities, especially given the impending deadlines set for federal compliance in April-May 2026.
For businesses, particularly those in the public sector or utilizing Cisco products, the inclusion of these vulnerabilities in the KEV catalog serves as a stark reminder of the need for robust cybersecurity measures. Organizations are urged to prioritize patching and remediation efforts to mitigate the risks associated with these flaws. Failure to comply with the deadlines could not only expose them to increased cyber threats but also result in regulatory consequences. This development is significant for the cybersecurity landscape as it highlights the ongoing challenges organizations face in protecting their networks from sophisticated threats, particularly in a rapidly evolving threat environment influenced by AI advancements.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html)*