The Latest Cybersecurity Threats Identified by CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added three new security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after detecting active exploitation of these weaknesses.
Here are the vulnerabilities that have been identified:
- CVE-2021-22054 (CVSS score: 7.5) – This vulnerability involves a server-side request forgery (SSRF) flaw in Omnissa Workspace One UEM, previously known as VMware Workspace One UEM. It enables a malicious actor with network access to UEM to send unauthenticated requests and access sensitive information.
- CVE-2025-26399 (CVSS score: 9.8) – A deserialization vulnerability in the AjaxProxy component of SolarWinds Web Help Desk that allows attackers to execute commands on the host machine.
- CVE-2026-1603 (CVSS score: 8.6) – This vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to bypass authentication and access specific stored credential data.
The inclusion of CVE-2025-26399 in the KEV catalog follows reports from Microsoft and Huntress indicating that threat actors, possibly affiliated with the Warlock ransomware group, are actively exploiting vulnerabilities in SolarWinds Web Help Desk to gain initial access.
Regarding CVE-2021-22054, GreyNoise identified it as being exploited in coordination with other SSRF vulnerabilities in various products during a campaign in March 2025.
As for CVE-2026-1603, there is limited information on how it is being utilized by threat actors. Ivanti has yet to update its security bulletin to reflect the exploitation status.
To mitigate the risks posed by these active threats, Federal Civilian Executive Branch (FCEB) agencies have been instructed to apply the fix for SolarWinds Web Help Desk by March 12, 2026, and address the other two vulnerabilities by March 23, 2026.
CISA emphasized the significance of addressing these vulnerabilities promptly, stating, “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”
