According to SecurityWeek, the US Cybersecurity and Infrastructure Security Agency (CISA) has added Ivanti Endpoint Manager’s high-severity authentication bypass vulnerability, CVE-2026-1603 (CVSS 8.6), to its Known Exploited Vulnerabilities (KEV) catalog and urged immediate patching. The flaw could be exploited to leak credential data and affects all Endpoint Manager iterations before version 2024 SU5; Ivanti said it was patched in early February, but the advisory has not yet been updated.
CISA has directed federal agencies to patch within two weeks, a shorter window than the usual three weeks mandated by Binding Operational Directive 22-01. The article also notes related KEV additions, including CVE-2021-22054, a high-severity SSRF issue in Omnissa Workspace One UEM, and CVE-2025-26399, a patch bypass for SolarWinds Web Help Desk, which Microsoft has flagged as potentially exploited in the wild.
SecurityWeek highlights that CVE-2025-26399’s exploitation has been confirmed by CISA, emphasising the need for rapid remediation across affected environments.