
"The issue, tracked as CVE-2026-1603 (CVSS score of 8.6), is a high-severity authentication bypass vulnerability in Ivanti Endpoint Manager that could be exploited to leak credential data. Impacting all Endpoint Manager iterations before version 2024 SU5, the security defect was patched in early February, when Ivanti said it was not aware of its in-the-wild exploitation."
"On Tuesday, CISA urged federal agencies to apply patches for CVE-2026-1603 within two weeks, which is one week faster than the typical three-week patching window mandated by Binding Operational Directive (BOD) 22-01. The same patching window applies to another vulnerability newly added to KEV, namely CVE-2021-22054 (CVSS score of 7.5), a high-severity server-side request forgery (SSRF) issue in Omnissa Workspace One UEM."
"CVE-2025-26399 (CVSS score of 9.8), a remote code execution (RCE) flaw in SolarWinds Web Help Desk (WHD) patched in September 2025. CVE-2025-26399 is a patch bypass for CVE-2024-28988, which was a patch bypass for CVE-2024-28986. Last month, Microsoft flagged it as potentially exploited in the wild in December 2025. Now, CISA has confirmed CVE-2025-26399's exploitation, as well as its severity, giving federal agencies only one week to identify and patch vulnerable WHD instances."
CISA expanded its Known Exploited Vulnerabilities catalog with three high-severity flaws requiring urgent patching. CVE-2026-1603 is an authentication bypass in Ivanti Endpoint Manager (CVSS 8.6) affecting versions before 2024 SU5, requiring patching within two weeks. CVE-2021-22054 is a server-side request forgery vulnerability in Omnissa Workspace One UEM (CVSS 7.5) patched in December 2021, also requiring two-week remediation. CVE-2025-26399 is a critical remote code execution flaw in SolarWinds Web Help Desk (CVSS 9.8) with confirmed active exploitation, requiring one-week patching. These accelerated timelines are shorter than the standard three-week remediation window required under Binding Operational Directive 22-01.
#vulnerability-management #critical-patches #federal-cybersecurity #active-exploitation #cisa-kev-catalog
Read at SecurityWeek