CISA adds ConnectWise, Microsoft flaws to exploit

On April 29, 2026, the U.S. Cybersecurity and Infrastructure Security Agency urgently updated its catalog of actively exploited threats, adding two critical vulnerabilities in widely used enterprise software. This action was based on confirmed evidence of active exploitation by malicious actors.

The first vulnerability, CVE-2024-1708, is a path traversal flaw in ConnectWise ScreenConnect that could permit remote code execution. The second, CVE-2026-32202, is a protection mechanism failure in Microsoft Windows Shell allowing network spoofing.

Microsoft updated its advisory to acknowledge active exploitation of the Windows flaw just a day before the CISA listing. However, the company has not publicly detailed the specific attacks leveraging the Shell vulnerability.

According to Akamai, CVE-2026-32202 stemmed from an incomplete patch for another vulnerability, CVE-2026-21510. Consequently, this flaw was exploited as a zero-day by the Russian group APT28 alongside CVE-2026-21513 in attacks since December 2025.

Meanwhile, exploitation of the ConnectWise ScreenConnect bug, CVE-2024-1708, has been chained with a critical authentication bypass (CVE-2024-1709) for years. Earlier in April 2026, Microsoft linked these flaws to the China-based threat actor Storm-1175 in ransomware attacks.

Federal Civilian Executive Branch agencies are now required to apply necessary patches by May 12, 2026. This mandate aims to secure networks against these documented and ongoing threats.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• Inside Valdora Finance: How Liquid Vaults Are Bringing Real-World Yield On-Chain
• Robinhood shares drop 9.4% as crypto revenue halves
• Bitcoin Dips to $76K As Regulatory, Tech Worries Mount
• Critical GitHub RCE Flaw Lets Attacker Execute Code via Git Push
• Tank OS Secures OpenClaw AI Agents in Containers