CISA added three vulnerabilities — CVE-2021-22054, CVE-2025-26399, and CVE-2026-1603 — to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The list includes a SolarWinds Web Help Desk deserialization flaw tied to the Warlock group, an SSRF in Omnissa Workspace One UEM, and an Ivanti Endpoint Manager authentication bypass, with federal patch deadlines set for March 2026.
Key points
- CISA added CVE-2021-22054, CVE-2025-26399, and CVE-2026-1603 to the KEV catalog due to active exploitation.
- CVE-2025-26399 is a critical deserialization flaw in the AjaxProxy component of SolarWinds Web Help Desk that can allow remote command execution.
- CVE-2021-22054 is an SSRF in Omnissa Workspace One UEM that can expose sensitive information without authentication.
- CVE-2026-1603 is an Ivanti Endpoint Manager authentication bypass that may leak stored credentials, with no confirmed public exploitation yet.
- FCEB agencies must apply the SolarWinds fix by March 12, 2026, and the remaining fixes by March 23, 2026, per CISA guidance.
Read More: https://thehackernews.com/2026/03/cisa-flags-solarwinds-ivanti-and.html