CISA Adds Three Known Exploited Vulnerabilities to Catalog
Summary
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2021-22054 (Omnissa Workspace), CVE-2025-26399 (SolarWinds Web Help Desk), and CVE-2026-1603 (Ivanti Endpoint Manager). These vulnerabilities are actively being exploited by malicious actors and pose significant risks.
IFF Assessment
The addition of actively exploited vulnerabilities to CISA's KEV catalog indicates that attackers are leveraging these flaws, increasing the risk to organizations.
Severity
Defender Context
Defenders should prioritize patching or mitigating these newly listed KEV vulnerabilities immediately, as they represent known attack vectors currently in the wild. Organizations should also review their vulnerability management programs to ensure they are effectively identifying and remediating high-risk CVEs promptly.