Pulse Connect Secure Zero-Day Exploited in the Wild (CVE-2021-22893)
Earlier today, Pulse Secure published an out-of-cycle security advisory (SA44784) to address a critical vulnerability in its Pulse Connect Secure (PCS) appliance.
The vulnerability, identified as CVE-2021-22893, is an authentication bypass vulnerability. Details about the vulnerability are slim, but it was assigned a CVSSv3 score of 10.0.
According to researchers at Pulse Secure and FireEye, the vulnerability has been exploited in limited, targeted attacks against specific industries including Government, Defense and Finance.
In addition to CVE-2021-22893, researchers say that attackers have been leveraging three known and patched vulnerabilities in PCS, including CVE-2019-11510, a critical arbitrary file disclosure vulnerability that has been exploited in the wild since August 2019.
For more information about the vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.