
【Vulnerability Alert】CISA Adds 14 Known Exploited Vulnerabilities to the KEV Catalog (2026/04/20-2026/04/26) (Part 2)

Publish date: 2026-04-30    Update date: 2026-04-30

Source: Ministry of Education Information & Communication Security Contingency Platform


Publication Number: TACERT-ANA-2026042704040909
Publication Time: 2026-04-27 16:57
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2026-04-27 16:57
Impact Level: Low
[Subject]
【Vulnerability Alert】CISA Adds 14 Known Exploited Vulnerabilities to the KEV Catalog (2026/04/20-2026/04/26) (Part 2)
[Content]

Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Information Security Alert TWCERTCC-200-202604-00000028

【CVE-2024-27199】JetBrains TeamCity Relative Path Traversal Vulnerability (CVSS v3.1: 7.3)
【Whether exploited by ransomware: Known】 JetBrains TeamCity contains a relative path traversal vulnerability that may allow an attacker to perform a limited set of administrative actions without authentication.

【CVE-2026-33825】Microsoft Defender Insufficient Granularity of Access Control Vulnerability (CVSS v3.1: 7.8)
【Whether exploited by ransomware: Unknown】 Microsoft Defender contains an insufficient granularity of access control vulnerability that may allow an authorized attacker to elevate privileges locally.

【CVE-2026-39987】Marimo Remote Code Execution Vulnerability (CVSS v3.1: 9.8)
【Whether exploited by ransomware: Unknown】 Marimo contains a pre-authentication remote code execution vulnerability, allowing an unauthenticated attacker to obtain shell access and execute arbitrary system commands.

【CVE-2025-29635】D-Link DIR-823X Command Injection Vulnerability (CVSS v3.1: 7.2)
【Whether exploited by ransomware: Unknown】 D-Link DIR-823X contains a command injection vulnerability, allowing an authorized attacker to execute arbitrary commands on the remote device by sending a POST request to /goform/set_prohibiting. The affected product may have reached the end-of-life (EoL) or end-of-service (EoS) stage. Users are advised to stop using this product.
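Because the DIR-823X is EoL and will not receive a patch, the practical control is to retire the device and, until then, watch for the request shape named above. The following is an added example written for this advisory, not code from D-Link or from TWCERTCC: it runs a detection over constructed access-log lines (Apache/NGINX combined format, invented traffic) and flags POST requests to /goform/set_prohibiting. The TRUSTED_NETS list is an assumption for the example (management traffic expected only from the LAN); a hit from an untrusted source is rated high, a hit from the LAN is marked for review because the endpoint is also used by legitimate administrators.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (combined log format); none of this is real traffic.
SAMPLE_LOG = """\
192.168.0.10 - - [21/Apr/2026:10:01:02 +0800] "GET /login.html HTTP/1.1" 200 1534 "-" "Mozilla/5.0"
192.168.0.10 - - [21/Apr/2026:10:01:09 +0800] "POST /goform/login HTTP/1.1" 200 212 "-" "Mozilla/5.0"
192.168.0.10 - - [21/Apr/2026:10:02:41 +0800] "POST /goform/set_prohibiting HTTP/1.1" 200 88 "http://192.168.0.1/" "Mozilla/5.0"
203.0.113.77 - - [21/Apr/2026:10:03:15 +0800] "POST /goform/set_prohibiting HTTP/1.1" 200 88 "-" "python-requests/2.31"
203.0.113.77 - - [21/Apr/2026:10:03:16 +0800] "POST /goform/set_prohibiting?x=1 HTTP/1.1" 200 88 "-" "python-requests/2.31"
198.51.100.5 - - [21/Apr/2026:10:04:00 +0800] "GET /goform/set_prohibiting HTTP/1.1" 405 0 "-" "curl/8.4"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Endpoint named in the CVE-2025-29635 description; exploitation uses a POST to it.
VULN_ENDPOINT = "/goform/set_prohibiting"

# Assumption for this example: router administration only happens from this LAN range.
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/24")]


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_trusted(src):
    """True when the source address falls inside an expected management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_hits(log_text):
    """Select POST requests to the vulnerable endpoint (query string ignored) and rate them."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if rec["method"] != "POST" or path != VULN_ENDPOINT:
            continue
        rec["severity"] = "review" if is_trusted(rec["src"]) else "high"
        hits.append(rec)
    return hits


def summarize(hits):
    """Count hits per (source address, severity) for a quick triage view."""
    return Counter((h["src"], h["severity"]) for h in hits)


if __name__ == "__main__":
    for (src, sev), n in summarize(find_hits(SAMPLE_LOG)).items():
        print(f"{sev:6} {src:15} {n} request(s) to {VULN_ENDPOINT}")
```

The GET probe from 198.51.100.5 is deliberately not reported: the description ties exploitation to a POST, and keeping the match tight avoids noise from scanners. Widen the method check if you would rather see reconnaissance as well.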

【CVE-2024-7399】Samsung MagicINFO 9 Server Path Traversal Vulnerability (CVSS v3.1: 8.8)
【Whether exploited by ransomware: Unknown】 Samsung MagicINFO 9 Server contains a path traversal vulnerability, which may allow an attacker to write arbitrary files with system privileges.

【CVE-2024-57728】SimpleHelp Path Traversal Vulnerability (CVSS v3.1: 7.2)
【Whether exploited by ransomware: Unknown】 SimpleHelp contains a path traversal vulnerability, allowing an administrator user to upload arbitrary files to any location in the file system by uploading a specially crafted ZIP file. This vulnerability can be exploited to allow an attacker to execute arbitrary code on the host as the SimpleHelp server user.
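The SimpleHelp bug above is the classic archive path traversal pattern (often called "zip slip"): an entry name such as ../../x is joined onto the extraction directory and written without checking where it lands. The block below is an added example written for this advisory, not SimpleHelp's code or its fix; it builds a constructed ZIP carrying such an entry, shows a naive extractor writing outside the target directory, and then a hardened extractor that resolves every entry against the real destination and rejects the whole archive before writing anything. Directory layout and file names are invented for the demonstration.

```python
import io
import os
import tempfile
import zipfile


def build_archive(with_traversal: bool) -> bytes:
    """Constructed sample archive. With with_traversal=True the second entry's
    name climbs out of the extraction directory, the shape of a crafted upload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update/readme.txt", "benign file\n")
        if with_traversal:
            zf.writestr("../../outside.txt", "written outside the target dir\n")
    return buf.getvalue()


def extract_naive(zip_bytes: bytes, dest: str) -> list:
    """Vulnerable extractor: joins the entry name onto dest and writes it
    with no check that the result stays inside dest."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)  # no containment check
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def extract_safe(zip_bytes: bytes, dest: str) -> list:
    """Hardened extractor: every entry is resolved (symlinks included) against
    the real destination, and the archive is rejected as a whole, before any
    write, if a single entry would land outside it."""
    root = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        planned = []
        for info in zf.infolist():
            name = info.filename
            # Absolute names and backslashes (a separator on Windows) are refused outright.
            if os.path.isabs(name) or name.startswith(("/", "\\")) or "\\" in name:
                raise ValueError(f"rejected entry name: {name!r}")
            target = os.path.realpath(os.path.join(root, name))
            if os.path.commonpath([root, target]) != root or target == root:
                raise ValueError(f"path traversal rejected: {name!r}")
            planned.append((info, target))
        written = []
        for info, target in planned:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors on the crafted archive inside a scratch tree and
    report what escaped, whether the safe extractor refused it, and that the
    safe extractor still handles a clean archive."""
    crafted = build_archive(with_traversal=True)
    with tempfile.TemporaryDirectory() as scratch:
        scratch = os.path.realpath(scratch)
        dest = os.path.join(scratch, "a", "b", "target")
        os.makedirs(dest)
        naive = extract_naive(crafted, dest)
        escaped = [os.path.relpath(p, scratch) for p in naive
                   if os.path.commonpath([dest, p]) != dest]
        try:
            extract_safe(crafted, dest)
            safe_rejected = False
        except ValueError:
            safe_rejected = True
        clean = extract_safe(build_archive(with_traversal=False), dest)
        return {"naive_escaped": escaped,
                "safe_rejected": safe_rejected,
                "clean_written": [os.path.relpath(p, dest) for p in clean]}


if __name__ == "__main__":
    print(demo())
```

Note that Python's own ZipFile.extractall strips leading ../ components, which is why the vulnerable path is written out by hand here; code that reads entries and opens files itself, as many server-side upload handlers do, gets no such protection. Validating the full entry list before the first write matters too: rejecting on the first bad entry after writing earlier ones leaves a half-applied archive on disk.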

【CVE-2024-57726】SimpleHelp Missing Authorization Vulnerability (CVSS v3.1: 9.9)
【Whether exploited by ransomware: Unknown】 SimpleHelp contains a missing authorization vulnerability, which may allow a low-privileged technician to create API keys with excessive privileges. These API keys can be used to escalate privileges to the server administrator role.

(Information Sharing Level: WHITE. Information content can be publicly disclosed.)
[Affected Platform]

【CVE-2024-27199】Please refer to the affected versions listed by the official source https://www.jetbrains.com/privacy-security/issues-fixed/

【CVE-2026-33825】Please refer to the affected versions listed by the official source https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825

【CVE-2026-39987】Please refer to the affected versions listed by the official source https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc

【CVE-2025-29635】 D-Link DIR-823X 240126, D-Link DIR-823X 240802

【CVE-2024-7399】Please refer to the affected versions listed by the official source https://security.samsungtv.com/securityUpdates

【CVE-2024-57728】Please refer to the affected versions listed by the official source https://guides.simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier

【CVE-2024-57726】Please refer to the affected versions listed by the official source https://guides.simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier


[Recommended Actions]

【CVE-2024-27199】 The official source has released a fix update for the vulnerability. Please update to the relevant version https://www.jetbrains.com/privacy-security/issues-fixed/

【CVE-2026-33825】 The official source has released a fix update for the vulnerability. Please update to the relevant version https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825

【CVE-2026-39987】 The official source has released a fix update for the vulnerability. Please update to the relevant version https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc

【CVE-2025-29635】 The affected product may have reached the end-of-life (EoL) or end-of-service (EoS) stage. Users are advised to stop using this product.

【CVE-2024-7399】 The official source has released a fix update for the vulnerability. Please update to the relevant version https://security.samsungtv.com/securityUpdates

【CVE-2024-57728】 The official source has released a fix update for the vulnerability. Please update to the relevant version https://guides.simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier

【CVE-2024-57726】 The official source has released a fix update for the vulnerability. Please update to the relevant version https://guides.simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier
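A KEV addition is only actionable once it is matched against what you actually run. The block below is an added example written for this advisory, not CISA's or TWCERTCC's tooling: it parses a constructed excerpt in the field layout of CISA's known_exploited_vulnerabilities.json feed (cveID, vendorProject, product, knownRansomwareCampaignUse, dueDate), cross-references it against a constructed asset inventory, and orders the findings so that ransomware-linked entries come first, then the earliest remediation due date. The CVE IDs, vendors, products and ransomware flags follow the seven entries above; the dueDate values and the inventory hosts are placeholders invented for the example. Product matching is by name only; whether a given version is affected still has to be confirmed against the vendor pages listed under [Affected Platform].

```python
import json
from datetime import date


def _kev(cve, vendor, product, name, ransomware, due):
    """Build one record in the field layout of CISA's KEV JSON feed."""
    return {"cveID": cve, "vendorProject": vendor, "product": product,
            "vulnerabilityName": name, "knownRansomwareCampaignUse": ransomware,
            "dueDate": due}


# Constructed excerpt shaped like known_exploited_vulnerabilities.json.
# The dueDate values are placeholders, not the catalog's real dates.
KEV_SAMPLE = json.dumps({"title": "CISA Catalog of Known Exploited Vulnerabilities", "vulnerabilities": [
    _kev("CVE-2024-27199", "JetBrains", "TeamCity", "JetBrains TeamCity Relative Path Traversal Vulnerability", "Known", "2026-05-12"),
    _kev("CVE-2026-33825", "Microsoft", "Defender", "Microsoft Defender Insufficient Granularity of Access Control Vulnerability", "Unknown", "2026-05-12"),
    _kev("CVE-2026-39987", "Marimo", "Marimo", "Marimo Remote Code Execution Vulnerability", "Unknown", "2026-05-13"),
    _kev("CVE-2025-29635", "D-Link", "DIR-823X", "D-Link DIR-823X Command Injection Vulnerability", "Unknown", "2026-05-14"),
    _kev("CVE-2024-7399", "Samsung", "MagicINFO 9 Server", "Samsung MagicINFO 9 Server Path Traversal Vulnerability", "Unknown", "2026-05-14"),
    _kev("CVE-2024-57728", "SimpleHelp", "SimpleHelp", "SimpleHelp Path Traversal Vulnerability", "Unknown", "2026-05-15"),
    _kev("CVE-2024-57726", "SimpleHelp", "SimpleHelp", "SimpleHelp Missing Authorization Vulnerability", "Unknown", "2026-05-15"),
]})

# Constructed asset inventory: host, vendor, and the product string as an asset tool records it.
INVENTORY = [
    {"host": "ci01", "vendor": "JetBrains", "product": "TeamCity 2023.11"},
    {"host": "helpdesk", "vendor": "SimpleHelp", "product": "SimpleHelp 5.5.7"},
    {"host": "branch-rtr", "vendor": "D-Link", "product": "DIR-823X fw 240802"},
    {"host": "notebook-srv", "vendor": "Marimo", "product": "marimo 0.9"},
    {"host": "fileserver", "vendor": "Samba", "product": "Samba 4.19"},
]


def load_kev(text):
    """Parse the feed text (the same call works on the downloaded JSON file)."""
    return json.loads(text)["vulnerabilities"]


def asset_matches(asset, entry):
    """Vendor must match (case-insensitive) and the KEV product name must appear in
    the asset's product string. This is a name match only; version scoping needs
    the vendor advisory."""
    return (asset["vendor"].lower() == entry["vendorProject"].lower()
            and entry["product"].lower() in asset["product"].lower())


def triage(kev_text, inventory, today):
    """Cross-reference inventory against KEV entries. Findings are ordered:
    ransomware-linked first, then earliest due date, then CVE ID."""
    today = date.fromisoformat(today)
    findings = []
    for entry in load_kev(kev_text):
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if asset_matches(asset, entry):
                findings.append({
                    "host": asset["host"],
                    "cve": entry["cveID"],
                    "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
                    "due": due.isoformat(),
                    "days_left": (due - today).days,
                })
    findings.sort(key=lambda f: (not f["ransomware"], f["due"], f["cve"]))
    return findings


if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, "2026-04-30"):
        flag = "RANSOMWARE" if f["ransomware"] else ""
        print(f'{f["host"]:13} {f["cve"]:15} due {f["due"]} ({f["days_left"]:2d}d) {flag}')
```

Two findings land on the same host (helpdesk) because both SimpleHelp CVEs share one vendor page; that is expected, and fixing to the version the vendor names closes both. The D-Link hit has no fix to apply; the finding is the trigger for the retirement the advisory recommends.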


[Reference]
(This notification is for informational purposes only and does not constitute a cybersecurity incident.)
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of Education Information & Communication Security Contingency Platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center