Cyber Web Spider Blog – News

CISA Highlights Exploited Vulnerabilities in Key Software

Posted on March 10, 2026 By CWS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert concerning vulnerabilities in prominent software systems, highlighting their active exploitation by cyber attackers. On Monday, CISA updated its Known Exploited Vulnerabilities (KEV) catalog to include three critical security flaws, emphasizing the urgency for organizations to address these weaknesses.

Critical Vulnerabilities Identified

The vulnerabilities added to the KEV catalog affect Omnissa Workspace One, SolarWinds, and Ivanti products. CVE-2021-22054 affects Workspace One UEM and is a server-side request forgery (SSRF) issue that can be exploited to gain unauthorized access to sensitive data. CVE-2025-26399 impacts SolarWinds Web Help Desk and allows attackers to execute commands via deserialization of untrusted data. CVE-2026-1603 in Ivanti Endpoint Manager is an authentication bypass vulnerability that can lead to credential leakage.

Exploitation Evidence and Threat Response

Microsoft and Huntress have reported active exploitation of the SolarWinds vulnerability by threat actors suspected to be the Warlock ransomware group. The SSRF vulnerability in Workspace One was previously identified by GreyNoise as part of a broader exploit campaign. There is currently limited information on active exploitation of the Ivanti vulnerability, and its security bulletin has not been updated in this regard.

Federal Response and Security Measures

In response to these threats, CISA has directed Federal Civilian Executive Branch (FCEB) agencies to mitigate risks by applying necessary patches. Agencies are required to address the SolarWinds Web Help Desk vulnerability by March 12, 2026, and complete updates for the Workspace One and Ivanti vulnerabilities by March 23, 2026. These measures are critical to safeguarding federal systems from potential breaches.

CISA underscores the significance of these vulnerabilities as frequent targets for cyber attackers, posing elevated risks to federal operations. Organizations are encouraged to prioritize these updates to fortify their cybersecurity defenses against ongoing threats.
