The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that it has added three newly identified security issues to its Known Exploited Vulnerabilities (KEV) catalog after confirming they are being actively exploited in the wild.
The newly listed vulnerabilities include:
-
CVE-2021-22054 (CVSS 7.5) A server-side request forgery (SSRF) flaw in Omnissa Workspace One UEM (formerly VMware Workspace One UEM). This issue enables an attacker with network access to the UEM system to issue unauthorized requests and potentially obtain sensitive data.
-
CVE-2025-26399 (CVSS 9.8) A critical deserialization vulnerability in the Solaris Web Help Desk AjaxProxy component. Successful exploitation allows attackers to execute commands on the underlying host system.
-
CVE-2026-1603 (CVSS 8.6) An authentication bypass issue in Ivanti Endpoint Manager that lets an unauthenticated remote attacker access specific stored credential data through an alternate pathway.
The inclusion of CVE-2025-26399 follows recent findings from Microsoft and Huntress indicating that attackers are actively exploiting SolarWinds Web Help Desk flaws to gain initial footholds in victim environments. This activity is suspected to be linked to the Warlock ransomware group.
Meanwhile, CVE-2021-22054 was highlighted by GreyNoise in March 2025 as being leveraged alongside multiple other SSRF vulnerabilities across different products in a coordinated attack campaign.
At present, there are no public details describing how CVE-2026-1603 is being exploited. Ivanti has yet to update its security advisory to acknowledge active exploitation.
To mitigate ongoing risks, CISA has directed Federal Civilian Executive Branch (FCEB) agencies to patch SolarWinds Web Help Desk by March 12, 2026, and to apply fixes for the remaining two vulnerabilities by March 23, 2026.
“Such vulnerabilities are common targets for malicious cyber actors and present substantial risks to federal networks,” CISA stated.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
