CISA Adds 8 Exploited Vulnerabilities to KEV Catalog with May 4 Deadline for Federal Agencies
CISA added eight actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on April 20, setting a May 4, 2026, deadline for Federal Civilian Executive Branch agencies to remediate five of them. Three Cisco Catalyst SD-WAN Manager flaws are included: CVE-2026-20128 (CVSS 7.5, storing passwords in recoverable format), CVE-2026-20133 (CVSS 6.5, exposure of sensitive information), and CVE-2026-20122 (incorrect use of privileged APIs). Cisco confirmed active exploitation of CVE-2026-20122 and CVE-2026-20128 in March 2026. The remaining five vulnerabilities affect PaperCut NG/MF, JetBrains TeamCity, Kentico Xperience, Quest KACE SMA, and Synacor Zimbra Collaboration Suite. Separately, CISA added CVE-2026-31431, a 9-year-old Linux kernel local privilege escalation flaw (CVSS 7.8), to the KEV catalog on May 1 after confirming active exploitation.