
CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The list of vulnerabilities is as follows:

  • CVE-2021-22054 (CVSS score: 7.5) – A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that could allow a malicious actor with network access to UEM to send requests without authentication and gain access to sensitive information.
  • CVE-2025-26399 (CVSS score: 9.8) – A deserialization of untrusted data vulnerability in the AjaxProxy component of SolarWinds Web Help Desk that could allow an attacker to run commands on the host machine.
  • CVE-2026-1603 (CVSS score: 8.6) – An authentication bypass using an alternate path or channel vulnerability in Ivanti Endpoint Manager that could allow a remote unauthenticated attacker to leak specific stored credential data.

The addition of CVE-2025-26399 comes in the wake of reports from Microsoft and Huntress that threat actors are exploiting security flaws in SolarWinds Web Help Desk to obtain initial access. The activity is believed to be the work of the Warlock ransomware crew.

CVE-2021-22054, on the other hand, was flagged by GreyNoise in March 2025 as being exploited in conjunction with several other SSRF vulnerabilities in other products as part of a coordinated campaign.

There are currently no details on how CVE-2026-1603 is being weaponized in the wild. As of writing, Ivanti's security bulletin has not been updated to reflect the exploitation status.

To counter the risk posed by active threats, Federal Civilian Executive Branch (FCEB) agencies have been ordered to apply the fix for SolarWinds Web Help Desk by March 12, 2026, and the remaining two by March 23, 2026.

"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said.
