The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert concerning vulnerabilities in prominent software systems, highlighting their active exploitation by cyber attackers. On Monday, CISA updated its Known Exploited Vulnerabilities (KEV) catalog to include three critical security flaws, emphasizing the urgency for organizations to address these weaknesses.
Critical Vulnerabilities Identified
The vulnerabilities added to the KEV catalog involve software from Omnissa Workspace One, SolarWinds, and Ivanti. Specifically, CVE-2021-22054 affects the Workspace One UEM, presenting a server-side request forgery (SSRF) issue that can be exploited to gain unauthorized access to sensitive data. Another significant flaw, CVE-2025-26399, impacts the SolarWinds Web Help Desk, allowing attackers to execute commands via deserialization of untrusted data. Furthermore, CVE-2026-1603 in Ivanti Endpoint Manager can lead to credential leakage due to an authentication bypass vulnerability.
Exploitation Evidence and Threat Response
Microsoft and Huntress have reported active exploitation of the SolarWinds vulnerability by threat actors, suspected to be the Warlock ransomware group. Additionally, the SSRF vulnerability in Workspace One was previously identified by GreyNoise as part of a broader exploit campaign. Currently, there is limited information on the active exploitation of the Ivanti vulnerability, and its security bulletin remains unupdated in this regard.
Federal Response and Security Measures
In response to these threats, CISA has directed Federal Civilian Executive Branch (FCEB) agencies to mitigate risks by applying necessary patches. Agencies are required to address the SolarWinds Web Help Desk vulnerability by March 12, 2026, and complete updates for the Workspace One and Ivanti vulnerabilities by March 23, 2026. These measures are critical to safeguarding federal systems from potential breaches.
CISA underscores the significance of these vulnerabilities as frequent targets for cyber attackers, posing elevated risks to federal operations. Organizations are encouraged to prioritize these updates to fortify their cybersecurity defenses against ongoing threats.
