CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

Recent Ivanti Endpoint Manager Flaw Exploited in Attacks

CISA has added the high-severity authentication bypass vulnerability to its KEV list, along with SolarWinds and Workspace One bugs. The post Recent Ivanti Endpoint Manager Flaw Exploited in Attacks appeared first on SecurityWeek.

Ivanti vulnerability exploited

The US cybersecurity agency CISA on Monday expanded its Known Exploited Vulnerabilities (KEV) catalog with another Ivanti bug, urging its immediate patching.

The issue, tracked as CVE-2026-1603 (CVSS score of 8.6), is a high-severity authentication bypass vulnerability in Ivanti Endpoint Manager that could be exploited to leak credential data.

Impacting all Endpoint Manager iterations before version 2024 SU5, the security defect was patched in early February, when Ivanti said it was not aware of its in-the-wild exploitation. The company has yet to update its advisory.

On Monday, CISA urged federal agencies to apply patches for CVE-2026-1603 within two weeks, which is one week faster than the typical three-week patching window mandated by Binding Operational Directive (BOD) 22-01.

The same pathing window applies to another vulnerability newly added to KEV, namely CVE-2021-22054 (CVSS score of 7.5), a high-severity server-side request forgery (SSRF) issue in Omnissa Workspace One UEM (formerly VMware Workspace One UEM).

Patched in December 2021, the issue could allow an attacker with network access to UEM to send unauthenticated requests and access sensitive data in the management console.

In March last year, GreyNoise warned of a surge in the exploitation of a dozen SSRF bugs in products from multiple vendors, including CVE-2021-22054.

On Monday, CISA added the Workspace One UEM flaw to the KEV catalog along with the Ivanti vulnerability and CVE-2025-26399 (CVSS score of 9.8), a remote code execution (RCE) flaw in SolarWinds Web Help Desk (WHD) patched in September 2025.

CVE-2025-26399 is a patch bypass for CVE-2024-28988, which was a patch bypass for CVE-2024-28986. Last month, Microsoft flagged it as potentially exploited in the wild in December 2025.

Now, CISA has confirmed CVE-2025-26399’s exploitation, as well as its severity, giving federal agencies only one week to identify and patch vulnerable WHD instances within their environments.

Related: CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities

Related: Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited

Related: CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List

Related: Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks

Latest News

CYBERNEWSMEDIAPublisher