

Ethical Hacking News

U.S. CISA Adds Ivanti EPM, SolarWinds, and Omnissa Workspace One Flaws to its Known Exploited Vulnerabilities Catalog


U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog. The additions include CVE-2021-22054, a Server-Side Request Forgery (SSRF) flaw in VMware Workspace ONE UEM console; CVE-2025-26399, a deserialization of untrusted data vulnerability in SolarWinds' Web Help Desk software; and CVE-2026-1603, an authentication bypass vulnerability in Ivanti Endpoint Manager (EPM). These flaws have significant implications for the security posture of affected systems and organizations.

  • CISA has added several high-priority vulnerabilities to its KEV catalog, including CVE-2021-22054, CVE-2025-26399, and CVE-2026-1603.
  • The CVE-2021-22054 vulnerability allows attackers to send unauthenticated requests to internal resources, exposing sensitive information.
  • The CVE-2025-26399 vulnerability is a deserialization of untrusted data vulnerability in SolarWinds' Web Help Desk software.
  • The CVE-2026-1603 vulnerability allows remote unauthenticated attackers to leak specific stored credential data in Ivanti Endpoint Manager.
  • CISA orders federal agencies to fix these vulnerabilities by specific deadlines, emphasizing the need for prompt action.
  • Private organizations are advised to review the KEV catalog and address these vulnerabilities in their infrastructure to mitigate risk.
  • CISA's efforts to identify and publicize known exploited vulnerabilities help organizations take proactive measures to patch systems and prevent breaches.
  • The importance of staying vigilant and proactive in cybersecurity is highlighted by the addition of these flaws to the KEV catalog.



    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added several high-priority vulnerabilities in various systems to its Known Exploited Vulnerabilities (KEV) catalog. The additions include CVE-2021-22054, a Server-Side Request Forgery (SSRF) flaw in VMware Workspace ONE UEM console; CVE-2025-26399, a deserialization of untrusted data vulnerability in SolarWinds' Web Help Desk software; and CVE-2026-1603, an authentication bypass vulnerability in Ivanti Endpoint Manager (EPM). These flaws have been identified as having a significant impact on the security posture of affected systems and organizations.



    The CVE-2021-22054 vulnerability is particularly noteworthy, as it allows attackers with network access to send unauthenticated requests to internal resources. This could potentially expose sensitive information and compromise the overall security of the system. Deserialization of untrusted data, the weakness behind CVE-2025-26399, is a high-severity vulnerability that can be exploited by malicious actors to execute arbitrary commands on susceptible systems. In this case, SolarWinds' Web Help Desk software is vulnerable to deserialization attacks due to its handling of user input.



    The CVE-2026-1603 vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to leak specific stored credential data. This could potentially compromise the security of the system and allow unauthorized access to sensitive information. The update released by Ivanti addresses this flaw, ensuring that EPM users can patch their systems before it's too late.



    The addition of these flaws to the KEV catalog underscores the importance of staying up-to-date with the latest vulnerability patches and applying them in a timely manner. CISA orders federal agencies to fix the vulnerabilities by specific deadlines, emphasizing the need for prompt action to prevent potential breaches.



    Private organizations are also advised to review the KEV catalog and address these vulnerabilities in their infrastructure. This proactive approach will help mitigate the risk of exploitation and protect against potential attacks.
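
    One way to carry out the KEV review described above, as an added example that is not part of the original article: it matches KEV entries against an asset inventory and lists unremediated hosts by deadline. The field names follow CISA's KEV JSON feed; the hosts, inventory layout, `open_kev_findings` function and all due dates are assumptions constructed for illustration.

```python
import json
import re
from datetime import date

# Constructed sample in the field layout of CISA's KEV JSON feed.
# CVE IDs and products come from the article; the dueDate values are
# placeholders, not CISA's actual deadlines.
KEV_SAMPLE = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-2021-22054", "vendorProject": "Omnissa",
  "product": "Workspace ONE UEM", "dueDate": "2030-02-01"},
 {"cveID": "CVE-2025-26399", "vendorProject": "SolarWinds",
  "product": "Web Help Desk", "dueDate": "2030-01-15"},
 {"cveID": "CVE-2026-1603", "vendorProject": "Ivanti",
  "product": "Endpoint Manager (EPM)", "dueDate": "2030-02-01"}
]}""")

# Hypothetical asset inventory; "remediated" lists CVEs already patched.
INVENTORY = [
 {"host": "uem01.example.internal", "vendor": "omnissa",
  "product": "Workspace ONE UEM console", "remediated": []},
 {"host": "helpdesk.example.internal", "vendor": "SolarWinds",
  "product": "web help desk", "remediated": []},
 {"host": "epm01.example.internal", "vendor": "Ivanti",
  "product": "Endpoint Manager", "remediated": ["CVE-2026-1603"]},
 {"host": "wiki.example.internal", "vendor": "Example",
  "product": "Wiki", "remediated": []},
]

def _tokens(text):
    # Case- and punctuation-insensitive word set for loose name matching.
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def open_kev_findings(kev, inventory, today):
    """Return unremediated KEV matches, most urgent (or overdue) first."""
    findings = []
    for vuln in kev["vulnerabilities"]:
        v_vendor, v_prod = _tokens(vuln["vendorProject"]), _tokens(vuln["product"])
        due = date.fromisoformat(vuln["dueDate"])
        for asset in inventory:
            a_prod = _tokens(asset["product"])
            same_product = v_prod <= a_prod or a_prod <= v_prod
            if _tokens(asset["vendor"]) != v_vendor or not same_product:
                continue
            if vuln["cveID"] in asset["remediated"]:
                continue
            findings.append({"host": asset["host"], "cve": vuln["cveID"],
                             "days_left": (due - today).days})
    return sorted(findings, key=lambda f: (f["days_left"], f["cve"]))
```

    A negative `days_left` means the deadline has already passed for that host.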



    CISA's efforts to identify and publicize known exploited vulnerabilities have a significant impact on the security community. By providing timely information on high-priority vulnerabilities, CISA enables organizations to take proactive measures to patch their systems and prevent potential breaches. This collaborative approach is essential in maintaining the overall security posture of critical infrastructure and protecting against cyber threats.



    The addition of these flaws to the KEV catalog highlights the importance of staying vigilant and proactive when it comes to cybersecurity. By working together, organizations can reduce the risk of exploitation and create a safer digital landscape for all.






    Published: Tue Mar 10 06:11:21 2026 by llama3.2 3B Q4_K_M












