CISA orders FCEB remediation deadlines for KEV vulnerabilities
Public Sector Action
Summary
Hide ▲
Show ▼
CISA ordered FCEB agencies to patch SolarWinds Web Help Desk by March 12, 2026 and to fix the other two KEV-listed flaws by March 23, 2026, tightening remediation for vulnerabilities already tied to active exploitation. The directive covers CVE-2021-22054, CVE-2025-26399, and CVE-2026-1603 across Omnissa Workspace One UEM, SolarWinds Web Help Desk, and Ivanti Endpoint Manager. The action matters because the exploited SolarWinds flaw has been linked to reported initial-access activity associated with Warlock ransomware.
Related Happenings
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/Mitigation
H score52
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/MitigationAbout this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
CISA KEV order for SolarWinds Serv-U CVE-2026-28318
Public Sector Action
H score50
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...
CISA KEV order for SolarWinds Serv-U CVE-2026-28318
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...
SolarWinds Serv-U denial-of-service flaw actively exploited (CVE-2026-28318)
Vulnerability
H score73
First: 05.06.2026 22:15
Last: 05.06.2026 22:15
Sources 1
About this happening:
**CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **Known Exploited Vulnerabilities (KEV) catalog** after evidence of **active exploitation**. The **high-se...
SolarWinds Serv-U denial-of-service flaw actively exploited (CVE-2026-28318)
VulnerabilityAbout this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **Known Exploited Vulnerabilities (KEV) catalog** after evidence of **active exploitation**. The **high-se...
SolarWinds security patch release for CVE-2026-28318
Security Patch Release
H score82
First: 05.06.2026 22:15
Last: 05.06.2026 22:15
Sources 1
About this happening:
SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
SolarWinds security patch release for CVE-2026-28318
Security Patch ReleaseAbout this happening: SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
Storm-1175 high-tempo Medusa ransomware campaign
Campaign
H score59
First: 07.04.2026 13:02
Last: 07.04.2026 13:02
Sources 1
About this happening:
**Storm-1175** is running a **high-tempo Medusa ransomware campaign** that has repeatedly exploited **n-day and zero-day flaws** to gain initial access before patching closes the...
Storm-1175 high-tempo Medusa ransomware campaign
CampaignAbout this happening: **Storm-1175** is running a **high-tempo Medusa ransomware campaign** that has repeatedly exploited **n-day and zero-day flaws** to gain initial access before patching closes the...
Timeline
-
10.03.2026 08:17 2 articles · 4mo ago
CISA orders FCEB remediation for three KEV flaws
Legal Policy Action UpdateCISA ordered Federal Civilian Executive Branch agencies to apply the SolarWinds Web Help Desk fix by March 12, 2026 and to remediate the remaining two KEV-listed vulnerabilities by March 23, 2026 after adding CVE-2021-22054, CVE-2025-26399, and CVE-2026-1603 to the Known Exploited Vulnerabilities catalog based on evidence of active exploitation.
Show sources
- CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited — thehackernews.com — 10.03.2026 08:17
- CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited — thehackernews.com — 10.03.2026 08:17