Key Findings CISA added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog CVE-2024-1708 is a critical path traversal flaw in ConnectWise ScreenConnect (CVSS 8.4) allowing remote code execution CVE-2026-32202 is a Windows Shell spoofing vulnerability (CVSS 4.3) currently under active exploitation by multiple threat actors Federal agencies must patch both vulnerabilities by May 12, 2026 The ConnectWise flaw has been chained with a critical au