Known exploited
ConnectWise
CVE published 2026-04-28
CVE-2024-1708
CVE-2024-1708 is a ConnectWise ScreenConnect path traversal vulnerability that CISA has listed in its Known Exploited Vulnerabilities catalog. That KEV inclusion means CISA considers the issue known to be exploited in the wild and has set a remediation due date of 2026-05-12 for the public sector. The safest response is to apply vendor-recommended mitigations immediately; if mitigations are not available [truncated]