According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), three security flaws have been added to the Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The list includes CVE-2021-22054, a server-side request forgery vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) with a CVSS score of 7.5, which could allow a malicious actor with network access to UEM to send requests without authentication and access sensitive information.
Also flagged is CVE-2025-26399, a deserialization vulnerability in the AjaxProxy component of SolarWinds Web Help Desk, rated 9.8, which could allow an attacker to run commands on the host machine; this follows reports that Warlock ransomware actors are exploiting SolarWinds Web Help Desk flaws to gain initial access.
The third entry is CVE-2026-1603, an authentication bypass vulnerability in Ivanti Endpoint Manager with a CVSS score of 8.6, potentially enabling a remote unauthenticated attacker to leak stored credential data. Agencies have been ordered to apply fixes by 12 March 2026 for SolarWinds Web Help Desk and by 23 March 2026 for the other two, as part of mitigations against active threats. Ivanti’s security bulletin, as of writing, has not been updated to reflect exploitation status.