The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially included three significant vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, highlighting their exploitation in active attacks. Among these, CVE-2021-22054, a server-side request forgery (SSRF) flaw in Omnissa Workspace One UEM, has a CVSS score of 7.5, indicating a high severity level. This inclusion serves as a critical alert for organizations relying on these platforms, emphasizing the need for immediate attention to these security gaps.
For businesses, the implications are clear: timely patching and robust vulnerability management are essential to safeguard against potential breaches. Organizations using SolarWinds, Ivanti, or Workspace One should prioritize updates and implement additional security measures to mitigate risks associated with these identified vulnerabilities. This situation underscores the broader importance of proactive cybersecurity practices, particularly as threat actors increasingly target widely-used software solutions, reinforcing the need for continuous monitoring and response protocols in cybersecurity strategies.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/03/cisa-flags-solarwinds-ivanti-and.html)*