CISA adds three known exploited vulnerabilities to catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation:
CVE-2021-22054 Omnissa Workspace ONE Server-Side Request Forgery, CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability, CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.