Security News

Cybersecurity news aggregator

CRITICAL Vulnerabilities The Hacker News

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

CISA has added three actively exploited vulnerabilities to its KEV catalog: a critical (CVSS 9.8) deserialization flaw in SolarWinds Web Help Desk (CVE-2025-26399) allowing unauthenticated RCE on affected versions up to and including 12.8.7; a high-severity (CVSS 8.6) authentication bypass in Ivanti Endpoint Manager (CVE-2026-1603) leaking credentials, affecting versions prior to the 2024 release; and a high-severity (CVSS 7.5) SSRF flaw in Omnissa Workspace One UEM (CVE-2021-22054), which is fixed in versions 20.0.8.36, 20.11.0.40, 21.2.0.27, and 21.5.0.37.

Ravie Lakshmanan, Mar 10, 2026. Vulnerability / Enterprise Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerability list is as follows:

- CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that could allow a malicious actor with network access to UEM to send requests without authentication and to gain access to sensitive information.
- CVE-2025-26399 (CVSS score: 9.8) - A deserialization of untrusted data vulnerability in the AjaxProxy component of SolarWinds Web Help Desk that could allow an attacker to run commands on the host machine.
- CVE-2026-1603 (CVSS score: 8.6) - An authentication bypass using an alternate path or channel vulnerability in Ivanti Endpoint Manager that could allow a remote unauthenticated attacker to leak specific stored credential data.

The addition of CVE-2025-26399 comes in the wake of reports from Microsoft and Huntress that threat actors are exploiting security flaws in SolarWinds Web Help Desk to obtain initial access. The activity is believed to be the work of the Warlock ransomware crew.

CVE-2021-22054, on the other hand, was flagged by GreyNoise in March 2025 as being exploited in conjunction with several other SSRF vulnerabilities in other products as part of a coordinated campaign.

There are currently no details on how CVE-2026-1603 is being weaponized in the wild. As of writing, Ivanti's security bulletin has not been updated to reflect the exploitation status.

To counter the risk posed by active threats, Federal Civilian Executive Branch (FCEB) agencies have been ordered to apply the fix for SolarWinds Web Help Desk by March 12, 2026, and the remaining two by March 23, 2026.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said.
