Patched vulnerabilities in Ivanti Endpoint Manager and Cisco Catalyst SD-WAN are under attack, according to the US security agency, which added reporting requirements to its previous Cisco directive.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

CISA has added CVE-2026-1603, an authentication bypass flaw in Ivanti Endpoint Manager (EPM) versions prior to 2024 SU5, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. The agency also added a SolarWinds Web Help Desk RCE bypass (CVE-2025-26399) and a VMware Workspace ONE UEM SSRF flaw (CVE-2021-22054) to the catalog. Additionally, CISA updated its emergency directive on two Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20127 and CVE-2022-20775), requiring federal agencies to submit SD-WAN deployment logs by March 26. The Cisco SD-WAN flaw may have been exploited since 2023, going undetected for nearly three years.

CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws