# CISA Adds Four Actively Exploited CVEs to KEV Catalog: What Your Team Must Do Now
Samsung MagicINFO, SimpleHelp, and D-Link DIR-823X vulnerabilities are under active attack — here is your 30-day response playbook.
Published 2026-05-14
On April 24, 2026, CISA updated its Known Exploited Vulnerabilities (KEV) Catalog with four new entries confirmed to be under active exploitation, spanning Samsung MagicINFO 9 Server, SimpleHelp remote-support software, and D-Link DIR-823X routers.
## What CISA Flagged — and Why It Is Serious
The four newly catalogued vulnerabilities are:
- CVE-2024-7399 — Samsung MagicINFO 9 Server Path Traversal Vulnerability
- CVE-2024-57726 — SimpleHelp Missing Authorization Vulnerability
- CVE-2024-57728 — SimpleHelp Path Traversal Vulnerability
- CVE-2025-29635 — D-Link DIR-823X Command Injection Vulnerability
Path traversal flaws let an attacker read or overwrite files outside the directories an application intends to expose; missing-authorization flaws let requests that should require privileges succeed without valid credentials. Command injection vulnerabilities on edge devices like the D-Link DIR-823X can give threat actors persistent, low-visibility footholds inside a network perimeter. Inclusion in the KEV Catalog means CISA has evidence that real-world exploitation is already occurring: these are not theoretical risks.
Under Binding Operational Directive 22-01, federal civilian agencies are required to remediate KEV entries within defined deadlines. Private-sector organizations are strongly encouraged to treat the KEV Catalog as an authoritative signal for prioritizing patching efforts.
## Why Compliance Teams Should Pay Attention
These vulnerabilities are not just an IT operations problem — they carry direct compliance consequences across multiple frameworks:
- NIS2 requires essential and important entities to implement vulnerability handling and incident response proportional to risk. Active exploitation of a known CVE in your environment without documented remediation action is a clear control gap.
- SOC 2 (CC7) demands continuous monitoring and timely response to threats. An unpatched KEV-listed vulnerability directly undermines your Trust Services Criteria evidence.
- ISO 27001 (Annex A.8) covers asset and vulnerability management — auditors will ask for evidence of timely patching and compensating controls.
- PCI DSS v4.0 (Requirement 6) mandates that security vulnerabilities be identified and ranked, with critical vulnerabilities addressed within one month.
- HIPAA requires covered entities and business associates to protect ePHI from reasonably anticipated threats — known, actively exploited vulnerabilities qualify.
If a breach occurs and these CVEs were present and unmitigated, you face not just remediation costs but regulatory exposure across whichever frameworks govern your organization.
## Your 7-to-30-Day Action Plan
Within 7 days:
- Inventory all instances of Samsung MagicINFO 9 Server, SimpleHelp, and D-Link DIR-823X devices across every network segment, including remote-office and OT environments.
- Apply vendor-supplied patches immediately where available. For D-Link DIR-823X, check vendor support status — end-of-life devices may require isolation or replacement.
- Confirm firewall and network segmentation rules prevent direct external access to affected services.
Within 30 days:
- Document remediation evidence aligned to your active compliance frameworks (NIS2 Article 21, SOC 2 CC7, ISO 27001 A.8.8, PCI DSS Req. 6, HIPAA §164.308).
- Run a full asset-vulnerability correlation scan to verify no shadow instances remain.
- Update your incident response runbooks to include KEV Catalog monitoring as a standing weekly review.
- Brief your CISO and compliance officer on residual risk and any compensating controls applied.
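As an added example (not from the original article and not part of the RDS GoSOC product), the following script shows how the weekly KEV review and the asset-vulnerability correlation step above can be automated: it parses a catalog in the schema of CISA's KEV JSON feed, correlates entries added since the last review against an asset inventory, and ranks hits by remediation due date. The catalog entries, hostnames and due dates are constructed sample data, not values taken from CISA.

```python
import json
from datetime import date

# Constructed sample in the schema of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Only the fields used below are included; due dates are illustrative, not CISA's.
KEV_SAMPLE = json.dumps({"count": 4, "vulnerabilities": [
    {"cveID": "CVE-2024-7399", "vendorProject": "Samsung", "product": "MagicINFO 9 Server",
     "dateAdded": "2026-04-24", "dueDate": "2026-05-15", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
     "dateAdded": "2026-04-24", "dueDate": "2026-05-15", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-57728", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
     "dateAdded": "2026-04-24", "dueDate": "2026-05-15", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2025-29635", "vendorProject": "D-Link", "product": "DIR-823X",
     "dateAdded": "2026-04-24", "dueDate": "2026-05-15", "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed asset inventory with hypothetical hostnames; in practice this comes from
# your CMDB or discovery scanner and should cover remote-office and OT segments too.
INVENTORY = [
    {"host": "signage-01.corp", "vendor": "Samsung", "product": "MagicINFO 9 Server"},
    {"host": "helpdesk.corp", "vendor": "SimpleHelp", "product": "SimpleHelp"},
    {"host": "branch-rtr-07", "vendor": "D-Link", "product": "DIR-823X"},
    {"host": "fileserver.corp", "vendor": "Microsoft", "product": "Windows Server"},
]

def norm(s):
    """Case- and punctuation-insensitive key so 'DIR-823X' matches 'dir823x'."""
    return "".join(ch for ch in s.lower() if ch.isalnum())

def correlate_kev(kev_json, inventory, since, today):
    """Match KEV entries added on/after `since` (ISO date string) against the inventory.
    Returns one record per (host, CVE), sorted so the nearest due date comes first;
    a negative days_left means the remediation deadline has already passed."""
    entries = json.loads(kev_json)["vulnerabilities"]
    recent = [e for e in entries if date.fromisoformat(e["dateAdded"]) >= date.fromisoformat(since)]
    hits = []
    for asset in inventory:
        for e in recent:
            if norm(asset["vendor"]) == norm(e["vendorProject"]) and norm(e["product"]) in norm(asset["product"]):
                days_left = (date.fromisoformat(e["dueDate"]) - date.fromisoformat(today)).days
                hits.append({"host": asset["host"], "cve": e["cveID"], "due": e["dueDate"],
                             "days_left": days_left, "ransomware": e.get("knownRansomwareCampaignUse", "Unknown")})
    return sorted(hits, key=lambda h: (h["days_left"], h["cve"]))

if __name__ == "__main__":
    for h in correlate_kev(KEV_SAMPLE, INVENTORY, "2026-04-17", "2026-05-14"):
        print(f"{h['host']:<18} {h['cve']:<16} due {h['due']} ({h['days_left']:+d} days)")
```

Scheduling this against the live feed each week, with `since` set to the previous run date, gives the standing review the runbook update calls for, and the sorted output is the remediation evidence list to file against your frameworks.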
## Start Monitoring and Documenting Compliance Evidence Today
RDS GoSOC AI maps your vulnerability posture and remediation evidence against all 16 supported frameworks — including NIS2, SOC 2, ISO 27001, HIPAA, and PCI DSS — in a single multi-tenant platform. Start a 14-day free trial at platform.reremrdsgosoc.com/register with every paid feature fully unlocked and no credit card required. Once inside, open the User Guide tab to get oriented quickly, and ask Sage — the platform's AI assistant — any setup or framework-mapping questions you have. When CISA updates its catalog again, you will already have the detection and evidence workflows running.