Vulnerabilities Recent Ivanti Endpoint Manager Flaw Exploited in Attacks CISA has added the high-severity authentication bypass vulnerability to its KEV list, along with SolarWinds and Workspace One bugs. By Ionut Arghire | March 10, 2026 (7:51 AM ET) Flipboard Reddit Whatsapp Whatsapp Email The US cybersecurity agency CISA on Tuesday expanded its Known Exploited Vulnerabilities (KEV) catalog with another Ivanti bug, urging its immediate patching. The issue, tracked as CVE-2026-1603 (CVSS score of 8.6), is a high-severity authentication bypass vulnerability in Ivanti Endpoint Manager that could be exploited to leak credential data. Impacting all Endpoint Manager iterations before version 2024 SU5, the security defect was patched in early February , when Ivanti said it was not aware of its in-the-wild exploitation. The company has yet to update its advisory. On Tuesday, CISA urged federal agencies to apply patches for CVE-2026-1603 within two weeks, which is one week faster than the typical three-week patching window mandated by Binding Operational Directive (BOD) 22-01. The same pathing window applies to another vulnerability newly added to KEV, namely CVE-2021-22054 (CVSS score of 7.5), a high-severity server-side request forgery (SSRF) issue in Omnissa Workspace One UEM (formerly VMware Workspace One UEM). Patched in December 2021 , the issue could allow an attacker with network access to UEM to send unauthenticated requests and access sensitive data in the management console. Advertisement. Scroll to continue reading. In March last year, GreyNoise warned of a surge in the exploitation of a dozen SSRF bugs in products from multiple vendors, including CVE-2021-22054. On Tuesday, CISA added the Workspace One UEM flaw to the KEV catalog along with the Ivanti vulnerability and CVE-2025-26399 (CVSS score of 9.8), a remote code execution (RCE) flaw in SolarWinds Web Help Desk (WHD) patched in September 2025 . CVE-2025-26399 is a patch bypass for CVE-2024-28988, which was a patch bypass for CVE-2024-28986. Last month, Microsoft flagged it as potentially exploited in the wild in December 2025. Now, CISA has confirmed CVE-2025-26399’s exploitation, as well as its severity, giving federal agencies only one week to identify and patch vulnerable WHD instances within their environments. Related: CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities Related: Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited Related: CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List Related: Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Over 100 GitHub Repositories Distributing BoryptGrab Stealer ArmorCode Raises $16 Million for Exposure Management Platform CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List Iranian APT Hacked US Airport, Bank, Software Company Reclaim Security Raises $20 Million to Accelerate Remediation Cisco Patches Critical Vulnerabilities in Enterprise Networking Products AI Security Firm JetStream Launches With $34 Million in Seed Funding Google Plans Two-Week Release Schedule for Chrome Latest News SIM Swaps Expose a Critical Flaw in Identity Security Cylake Raises $45 Million to Secure Organizations Barred From Cloud Cybersecurity M&A Roundup: 42 Deals Announced in February 2026 ClickFix Attack Uses Windows Terminal to Evade Detection Internet Infrastructure TLD .arpa Abused in Phishing Attacks Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited US Cyber Strategy Targets Adversaries, Critical Infrastructure, and Emerging Technologies Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Virtual Event: Supply Chain Security and Third-Party Risk Summit March 18, 2026 Join the event where top security experts unpack the biggest software supply chain risks. Register People on the Move Ed Jennings has been appointed President and CEO at Darktrace. Ironscales has appointed Steven Malone as CSO and Amit Bluman as SVP of Research & Development. Synack has appointed Angela Heindl-Schober Chief Marketing Officer. More People On The Move Expert Insights SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email