【Vulnerability Alert】CISA Added 6 Known Exploited Vulnerabilities to the KEV Catalog (2026/03/09–2026/03/15)

Publish date: 2026-03-20
Update date: 2026-03-20

Source: Ministry of education information & communication security contingency platform


Publication Number: TACERT-ANA-2026031701031414
Publication Time: 2026/03/17 13:13
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2026/03/17 13:13
Impact Level: Low
[Subject]
【Vulnerability Alert】CISA Added 6 Known Exploited Vulnerabilities to the KEV Catalog (2026/03/09–2026/03/15)
[Content]
Forwarded from TWCERTCC-200-202603-00000014

【CVE-2021-22054】Omnissa Workspace ONE Server-Side Request Forgery Vulnerability (CVSS v3.1: 7.5)
【Whether Exploited by Ransomware: Unknown】 Omnissa Workspace ONE UEM contains a Server-Side Request Forgery vulnerability. This vulnerability may allow a malicious attacker with network access to UEM to send unauthenticated requests and obtain sensitive information.

【CVE-2025-26399】SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 9.8)
【Whether Exploited by Ransomware: Unknown】 The AjaxProxy component in SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability. This vulnerability may allow an attacker to execute commands on the host system.

【CVE-2026-1603】Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability (CVSS v3.1: 8.6)
【Whether Exploited by Ransomware: Unknown】 Ivanti Endpoint Manager (EPM) contains an authentication bypass vulnerability. This vulnerability may allow an unauthenticated remote attacker to disclose certain stored credential data.

【CVE-2025-68613】n8n Improper Control of Dynamically-Managed Code Resources Vulnerability (CVSS v3.1: 9.9)
【Whether Exploited by Ransomware: Unknown】 The workflow expression evaluation system in n8n contains an improper control of dynamically-managed code resources vulnerability, which may lead to remote code execution.

【CVE-2026-3910】Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability (CVSS v3.1: 8.8)
【Whether Exploited by Ransomware: Unknown】 Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability. This may allow a remote attacker to execute arbitrary code within the sandbox via a specially crafted HTML page. This vulnerability may affect multiple Chromium-based browsers, including but not limited to Google Chrome, Microsoft Edge, and Opera.

【CVE-2026-3909】Google Skia Out-of-Bounds Write Vulnerability (CVSS v3.1: 8.8)
【Whether Exploited by Ransomware: Unknown】 Google Skia contains an out-of-bounds write vulnerability. This may allow a remote attacker to perform out-of-bounds memory access via a specially crafted HTML page. This vulnerability affects Google Chrome, ChromeOS, Android, Flutter, and other products that may use Skia.


(Information Sharing Level: WHITE (information content can be publicly disclosed))
[Affected Platform]

【CVE-2021-22054】Please refer to the affected versions listed by the official advisory:
https://kb.omnissa.com/s/article/87167

【CVE-2025-26399】Please refer to the affected versions listed by the official advisory:
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399

【CVE-2026-1603】Please refer to the affected versions listed by the official advisory:
https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024

【CVE-2025-68613】Please refer to the affected versions listed by the official advisory:
https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp

【CVE-2026-3910】Please refer to the affected versions listed by the official advisory:
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html

【CVE-2026-3909】Please refer to the affected versions listed by the official advisory:
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html

[Recommended Actions]

【CVE-2021-22054】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://kb.omnissa.com/s/article/87167

【CVE-2025-26399】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399

【CVE-2026-1603】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024

【CVE-2025-68613】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp

【CVE-2026-3910】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html

【CVE-2026-3909】 The vendor has released a remediation update for the vulnerability. Please update to the relevant version.
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html

[Reference]
 
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center