CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

2026-03-10

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

CISA added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog targeting SolarWinds, Ivanti, and Omnissa products.

•CVE-2025-26399 (CVSS 9.8): Deserialization flaw in SolarWinds Web Help Desk AjaxProxy component enabling remote command execution, linked to the Warlock ransomware group.
•CVE-2026-1603 (CVSS 8.6): Authentication bypass in Ivanti Endpoint Manager allowing unauthenticated attackers to leak stored credential data, with active exploitation traced to IP 103.69.224[.]98.
•CVE-2021-22054 (CVSS 7.5): SSRF vulnerability in Omnissa Workspace One UEM enabling unauthenticated requests and sensitive data access, flagged by GreyNoise as part of a coordinated SSRF campaign.
•FCEB agencies must patch SolarWinds by March 12, 2026, and the remaining two by March 23, 2026.

This summary was automatically generated by AI based on the original article and may not be fully accurate.

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture