【Vulnerability Alert】CISA Adds 4 Known Exploited Vulnerabilities to KEV Catalog (2026/04/27-2026/05/03)

• Subject: 【Vulnerability Alert】CISA Adds 4 Known Exploited Vulnerabilities to KEV Catalog (2026/04/27-2026/05/03)

• Description:
  • Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert: TWCERTCC-200-202605-00000003
  • 【CVE-2024-1708】ConnectWise ScreenConnect Path Traversal Vulnerability (CVSS v3.1: 8.4)
  • 【Ransomware Exploitation: Unknown】 ConnectWise ScreenConnect contains a path traversal vulnerability that could allow an attacker to execute remote code or directly impact confidential data and critical systems.
  • 【CVE-2026-32202】Microsoft Windows Protection Mechanism Failure Vulnerability (CVSS v3.1: 4.3)
  • 【Ransomware Exploitation: Unknown】 Microsoft Windows Shell contains a protection mechanism failure vulnerability, allowing an unauthorized attacker to perform spoofing attacks over the network.
  • 【CVE-2026-41940】WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability (CVSS v3.1: 9.8)
  • 【Ransomware Exploitation: Unknown】 WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login process, allowing unauthenticated remote attackers to access the control panel.
  • 【CVE-2026-31431】Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability (CVSS v3.1: 7.8)
  • 【Ransomware Exploitation: Unknown】 Linux Kernel contains an Incorrect Resource Transfer Between Spheres vulnerability, which may lead to privilege escalation.
• Affected Platforms:
  • 【CVE-2024-1708】 Please refer to the affected versions listed by the official source: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
  • 【CVE-2026-32202】 Please refer to the affected versions listed by the official source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202
  • 【CVE-2026-41940】 Please refer to the affected versions listed by the official source: https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026
  • 【CVE-2026-31431】 Please refer to the affected versions listed by the official source: https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/
• Recommended Actions:
  • 【CVE-2024-1708】 Official fix updates have been released; please update to the relevant version: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
  • 【CVE-2026-32202】 Official fix updates have been released; please update to the relevant version: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202
  • 【CVE-2026-41940】 Official fix updates have been released; please update to the relevant version: https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026
  • 【CVE-2026-31431】 Official fix updates have been released; please update to the relevant version: https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/

Computer and Communication Center
Network Systems Division