A CISA alert added three security flaws to the Known Exploited Vulnerabilities catalog on Monday and set deadlines for federal civilian agencies to apply fixes.
KEY FACTS
- Incident: Three vulnerabilities added to the KEV catalog
- Affected products: Omnissa Workspace One UEM, SolarWinds Web Help Desk, Endpoint Manager
- CVEs: CVE-2021-22054, CVE-2025-26399, CVE-2026-1603
- Federal deadlines: SolarWinds fix by March 12, 2026, and the other two by March 23, 2026
The three catalog entries are CVE-2021-22054 with a CVSS score of 7.5, CVE-2025-26399 with a score of 9.8, and CVE-2026-1603 with a score of 8.6.
CVE-2021-22054 is a server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM that can allow an actor with network access to send requests without authentication and access sensitive information.
CVE-2025-26399 is a deserialization of untrusted data issue in the AjaxProxy component of SolarWinds Web Help Desk that could permit an attacker to execute commands on the host.
CVE-2026-1603 is an authentication bypass using an alternate path or channel in Endpoint Manager that could allow a remote unauthenticated actor to leak specific stored credential data. Ivanti’s security bulletin has not been updated to reflect an exploitation status as of this writing.
WHY IT MATTERS
Inclusion in the Known Exploited Vulnerabilities catalog signals active exploitation or credible evidence of exploitation and triggers mandatory remediation timelines for federal civilian agencies. Rapid patching reduces the window for attackers to use these flaws to gain access or run code on affected systems.

