CISA Flags Actively Exploited Vulnerabilities in SolarWinds, Ivanti, and Workspace One

What happened

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities affecting SolarWinds, Ivanti, and Workspace One to its Known Exploited Vulnerabilities (KEV) catalog after confirming they are being actively exploited by threat actors.

The vulnerabilities include:

  • CVE-2025-26399: A critical deserialization flaw in SolarWinds Web Help Desk that could allow attackers to execute commands on the host system.
  • CVE-2026-1603: An authentication bypass issue in Ivanti Endpoint Manager that could expose stored credentials.
  • CVE-2021-22054: A server-side request forgery (SSRF) vulnerability in Workspace One UEM that may allow attackers to access sensitive information.

Security researchers reported that attackers are already exploiting the SolarWinds flaw to gain initial access to networks, with activity linked to the Warlock ransomware group.

CISA has directed U.S. federal agencies to patch the SolarWinds vulnerability by March 12, 2026, and the Ivanti and Workspace One issues by March 23, 2026. 

Who is affected

Organizations using SolarWinds Web Help Desk, Ivanti Endpoint Manager, or Workspace One UEM may be exposed if systems remain unpatched. The directive specifically applies to U.S. federal agencies, but private-sector organizations using these products face similar risks.

Why CISOs should care

Vulnerabilities added to the KEV catalog are confirmed to be exploited in real-world attacks, making them high-priority patching items. These flaws could enable attackers to gain initial access, execute commands remotely, or extract sensitive credentials, potentially leading to ransomware deployment or lateral movement inside enterprise networks.

3 practical actions

  1. Patch immediately: Apply vendor fixes for SolarWinds Web Help Desk, Ivanti Endpoint Manager, and Workspace One UEM.
  2. Audit exposure: Identify any internet-facing or legacy instances of these products in your environment.
  3. Monitor for suspicious activity: Look for unusual authentication attempts, command execution, or outbound traffic linked to these systems.
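
The patch and audit steps above can be driven from an asset inventory. The following is an added example, not part of the original article: it matches a constructed inventory against a constructed excerpt that uses the KEV JSON feed's field names, with the CVE IDs, product names and due dates taken from this article. Host names and the `internet_facing` and `patched` fields are hypothetical.

```python
import json
from datetime import date

# Constructed excerpt using the KEV JSON feed's field names (cveID, product,
# dueDate); the CVE IDs, products and due dates are the ones in the article.
KEV_EXCERPT = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-26399", "product": "SolarWinds Web Help Desk", "dueDate": "2026-03-12"},
  {"cveID": "CVE-2026-1603", "product": "Ivanti Endpoint Manager", "dueDate": "2026-03-23"},
  {"cveID": "CVE-2021-22054", "product": "Workspace One UEM", "dueDate": "2026-03-23"}
]}
""")

# Constructed asset inventory (hypothetical hosts and fields).
INVENTORY = [
    {"host": "helpdesk01.example.internal", "product": "SolarWinds Web Help Desk",
     "internet_facing": True, "patched": False},
    {"host": "epm-core.example.internal", "product": "Ivanti Endpoint Manager",
     "internet_facing": False, "patched": False},
    {"host": "uem-legacy.example.internal", "product": "Workspace One UEM",
     "internet_facing": True, "patched": True},
    {"host": "wiki.example.internal", "product": "Internal Wiki",
     "internet_facing": False, "patched": False},
]

def triage(inventory, kev, today):
    """Return unpatched assets running a KEV-listed product, most urgent first."""
    by_product = {}
    for v in kev["vulnerabilities"]:
        by_product.setdefault(v["product"].lower(), []).append(v)
    findings = []
    for asset in inventory:
        if asset["patched"]:
            continue
        for v in by_product.get(asset["product"].lower(), []):
            due = date.fromisoformat(v["dueDate"])
            findings.append({
                "host": asset["host"], "cve": v["cveID"],
                "internet_facing": asset["internet_facing"],
                "days_left": (due - today).days,  # negative means overdue
            })
    # Internet-facing first, then the closest (or most overdue) deadline.
    findings.sort(key=lambda f: (not f["internet_facing"], f["days_left"]))
    return findings

if __name__ == "__main__":
    for f in triage(INVENTORY, KEV_EXCERPT, date(2026, 3, 14)):
        status = "OVERDUE" if f["days_left"] < 0 else f"{f['days_left']}d left"
        print(f"{f['host']:32} {f['cve']:16} {status}")
```

Hosts that appear in the output are also the ones to prioritize for the monitoring step, since they remain exposed until patched.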