[Security Vulnerability Alert] CISA adds 4 known vulnerabilities exploited by hackers to the KEV directory (2026/04/27-2026/05/03)

 
2026/5/7 ~ 2026/11/7
View Count:15

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202605-00000003

[Content Description]
【CVE-2024-1708】ConnectWise ScreenConnect Path Traversal Vulnerability (CVSS v3.1: 8.4)
【Exploited by Ransomware: Unknown】 ConnectWise ScreenConnect has a path traversal vulnerability that could allow attackers to execute remote code or directly affect confidential data and critical systems.

【CVE-2026-32202】Microsoft Windows Protection Mechanism Failure Vulnerability (CVSS v3.1: 4.3)
【Exploited by Ransomware: Unknown】 Microsoft Windows Shell has a protection mechanism failure vulnerability that could allow unauthorized attackers to launch spoofed attacks over the network.

【CVE-2026-41940】WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability (CVSS v3.1: 9.8)
【Exploited by Ransomware: Unknown】 WebPros cPanel, WHM (WebHost Manager), and WP2 (WordPress Squared) contain an authentication bypass vulnerability in their login process, allowing unauthenticated remote attackers to access the control panel.

【CVE-2026-31431】Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability (CVSS v3.1: 7.8)
【Exploited by Ransomware: Unknown】 The Linux Kernel contains an Incorrect Resource Transfer Between Spheres vulnerability, which could lead to privilege escalation.

[Affected Platforms]
【CVE-2024-1708】Please refer to the official list of affected versions: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

【CVE-2026-32202】Please refer to the official list of affected versions: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202

【CVE-2026-41940】Please refer to the official list of affected versions: https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026

【CVE-2026-31431】Please refer to the official list of affected versions. https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/

[Recommended Actions]
【CVE-2024-1708】 An official patch update has been released for this vulnerability. Please update to the relevant version: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

【CVE-2026-32202】 An official patch update has been released for this vulnerability. Please update to the relevant version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202

【CVE-2026-41940】 An official patch update has been released for this vulnerability. Please update to the relevant version. https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026

【CVE-2026-31431】 An official patch update has been released for this vulnerability. Please update to the relevant version. https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/

Files
None
【Back】
Top↑