Overview
- The KEV update lists CVE-2025-26399 in SolarWinds Web Help Desk, CVE-2026-1603 in Ivanti Endpoint Manager, and CVE-2021-22054 in Workspace One UEM based on evidence of exploitation.
- CISA ordered Federal Civilian Executive Branch agencies to patch the SolarWinds flaw by March 12, and the Ivanti and Workspace One flaws by March 23.
- Huntress and Microsoft reported real-world abuse of the SolarWinds Web Help Desk flaw, with some reporting linking the activity to the Warlock ransomware group.
- SolarWinds has released Web Help Desk 12.8.7 HF1 to address the critical deserialization bug. The Ivanti flaw affects Endpoint Manager versions before 2024 SU5, and the vendor says it saw no pre-disclosure exploitation.
- GreyNoise previously observed exploitation of the Workspace One SSRF in March 2025, which underscores the risk behind the newly mandated federal remediation.