The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, reflecting active exploitation in the wild. The first, CVE-2024-1708, is a path traversal vulnerability in ConnectWise ScreenConnect, rated with a CVSS score of 8.4, indicating a high severity level. The second unspecified flaw affects Microsoft Windows, further emphasizing the urgent need for organizations to address these vulnerabilities to protect their systems from potential breaches.
For businesses, the inclusion of these vulnerabilities in CISA's KEV catalog serves as a crucial alert to prioritize patching and remediation efforts. Organizations using ConnectWise ScreenConnect should immediately assess their systems for the CVE-2024-1708 vulnerability and implement necessary updates to mitigate risks. Additionally, the acknowledgment of a Windows vulnerability underscores the importance of maintaining a robust cybersecurity posture, as these flaws can be exploited to gain unauthorized access or disrupt operations. This situation highlights the ongoing challenges in cybersecurity, where both established software and emerging technologies must be vigilantly monitored and safeguarded against evolving threats.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html)*