CISA Alerts on Four Critical Vulnerabilities in SimpleHelp and Samsung MagicINFO 9 Systems
- The Cybersecurity and Infrastructure Security Agency (CISA) added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on April 24, 2026, requiring federal agencies to apply mitigations by May 8, 2026.
- The newly added flaws affect widely used remote access and network management products: Samsung MagicINFO 9 Server, SimpleHelp remote support software, and D-Link DIR-823X series routers.
- CVE-2024-7399 is a path traversal vulnerability in Samsung MagicINFO 9 Server that could allow attackers to access sensitive files outside the intended directory structure.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on April 24, 2026, requiring federal agencies to apply mitigations by May 8, 2026.
The newly added flaws affect widely used remote access and network management products: Samsung MagicINFO 9 Server, SimpleHelp remote support software, and D-Link DIR-823X series routers. CISA confirmed active exploitation of each vulnerability in the wild, prompting urgent remediation guidance for all organizations using these technologies.
CVE-2024-7399 is a path traversal vulnerability in Samsung MagicINFO 9 Server that could allow attackers to access sensitive files outside the intended directory structure. CISA listed this flaw with a remediation deadline of May 8, 2026, for Federal Civilian Executive Branch (FCEB) agencies under Binding Operational Directive (BOD) 22-01.
Two vulnerabilities were added for SimpleHelp: CVE-2024-57726, a missing authorization flaw that could let low-privileged technicians create API keys with excessive permissions, and CVE-2024-57728, a path traversal issue. The two could be chained to escalate privileges to server admin level, potentially enabling full control of the server. CISA noted that missing authorization vulnerabilities of this kind have been observed in ransomware campaigns, although it did not confirm ransomware use for these specific flaws.
CVE-2025-29635 affects D-Link DIR-823X routers and involves a command injection vulnerability that could allow unauthenticated attackers to execute arbitrary commands on the device. This flaw could be exploited to compromise network infrastructure, intercept traffic, or use the router as a pivot point for lateral movement within corporate networks.
All four vulnerabilities were added to the KEV Catalog based on confirmed evidence of active exploitation, not theoretical risk. CISA emphasized that organizations should prioritize patching or applying vendor-recommended mitigations regardless of whether they are subject to federal requirements, because vulnerabilities of this kind are commonly used as precursors to ransomware deployment and network espionage.
SimpleHelp released security advisories for CVE-2024-57726 and CVE-2024-57728, directing users to version-specific mitigation guidance available in its knowledge base. Samsung and D-Link have also issued updates or workarounds for their respective vulnerabilities, though specific patch versions were not detailed in the CISA notifications.
BOD 22-01 mandates that FCEB agencies remediate KEV-listed vulnerabilities by the specified due dates, but CISA urges all organizations to treat these flaws as high-priority risks due to their confirmed use in attacks. The KEV Catalog serves as a living list of CVEs posing significant risk to federal enterprises and is updated regularly based on threat intelligence and exploit verification.
Organizations using Samsung MagicINFO 9 Server, SimpleHelp, or D-Link DIR-823X devices should review vendor security advisories, apply available patches, and implement network segmentation and monitoring to reduce exposure while remediation is underway.
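One way to turn the KEV Catalog and BOD 22-01 due dates into a remediation worklist is to match a KEV feed against an asset inventory; the script below is an added example, not code from CISA or any of the vendors named here, and it uses a constructed snapshot that mirrors the field names of the public KEV JSON feed together with a hypothetical inventory.

```python
import json
from datetime import date

# Constructed snapshot using the field names of CISA's KEV JSON feed
# (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse).
# The entries are built from the article above, not downloaded from CISA.
KEV_SNAPSHOT = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-7399", "vendorProject": "Samsung", "product": "MagicINFO 9 Server",
     "dateAdded": "2026-04-24", "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
     "dateAdded": "2026-04-24", "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-57728", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
     "dateAdded": "2026-04-24", "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2025-29635", "vendorProject": "D-Link", "product": "DIR-823X",
     "dateAdded": "2026-04-24", "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
]})

# Hypothetical asset inventory: (vendor, product substring, hostname).
INVENTORY = [
    ("Samsung", "MagicINFO", "signage-01.corp.example"),
    ("SimpleHelp", "SimpleHelp", "remote-support.corp.example"),
    ("D-Link", "DIR-823X", "branch-rtr-01.corp.example"),
    ("Cisco", "IOS XE", "core-sw-01.corp.example"),  # not in this KEV batch
]

def kev_exposure(kev_json, inventory, today_iso):
    """Match KEV entries to inventory assets; return findings ordered by urgency."""
    today = date.fromisoformat(today_iso)
    entries = json.loads(kev_json)["vulnerabilities"]
    findings = []
    for vendor, product, host in inventory:
        for e in entries:
            if (e["vendorProject"].lower() == vendor.lower()
                    and product.lower() in e["product"].lower()):
                due = date.fromisoformat(e["dueDate"])
                findings.append({
                    "host": host,
                    "cve": e["cveID"],
                    "days_to_due": (due - today).days,   # negative once overdue
                    "overdue": due < today,
                    "ransomware": e.get("knownRansomwareCampaignUse") == "Known",
                })
    # Overdue items first, then entries CISA ties to ransomware, then nearest due date.
    findings.sort(key=lambda f: (not f["overdue"], not f["ransomware"], f["days_to_due"]))
    return findings

if __name__ == "__main__":
    for f in kev_exposure(KEV_SNAPSHOT, INVENTORY, date.today().isoformat()):
        print(f"{f['host']:30} {f['cve']:16} due in {f['days_to_due']:>4} days"
              f"{'  OVERDUE' if f['overdue'] else ''}")
```

Replace KEV_SNAPSHOT with the downloaded feed and INVENTORY with your CMDB export to get a live worklist; the same matching works for every later KEV addition, not just these four CVEs.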
