Aggregates CVE and security vulnerability intelligence across all Ivanti-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve buffer overflow, cross-site scripting, XXE, input validation, and related problems; some flaws may lead to memory corruption.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-8111 | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 8.8 | 0.35% | 2026-05-12 | 2026-05-12 |
| CVE-2026-8110 | Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.8 | 0.02% | 2026-05-12 | 2026-05-12 |
| CVE-2026-8109 | An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 0.10% | 2026-05-12 | 2026-05-12 |
| CVE-2026-8051 | OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.2 | 1.46% | 2026-05-12 | 2026-05-15 |
| CVE-2026-8043 | External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 9.6 | 0.09% | 2026-05-12 | 2026-05-13 |
| CVE-2026-7432 | A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.8 | 0.03% | 2026-05-12 | 2026-05-12 |
| CVE-2026-7431 | An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 4.4 | 0.04% | 2026-05-12 | 2026-05-12 |
| CVE-2026-7821 | Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about the EPMM appliance and impacting the integrity of the newly enrolled device identity. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.4 | 0.06% | 2026-05-07 | 2026-05-07 |
| CVE-2026-6973 KEV | An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.2 | 4.91% | 2026-05-07 | 2026-05-07 |
| CVE-2026-5788 | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.0 | 0.25% | 2026-05-07 | 2026-05-07 |
| CVE-2026-5787 | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 8.9 | 0.06% | 2026-05-07 | 2026-05-07 |
| CVE-2026-5786 | An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 8.8 | 0.35% | 2026-05-07 | 2026-05-07 |
| CVE-2026-3483 | An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.8 | 0.07% | 2026-03-10 | 2026-03-12 |
| CVE-2026-1603 KEV | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 8.6 | 58.92% | 2026-02-10 | 2026-03-10 |
| CVE-2026-1602 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 0.16% | 2026-02-10 | 2026-02-12 |
| CVE-2026-1340 KEV | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 9.8 | 69.72% | 2026-01-29 | 2026-04-09 |
| CVE-2026-1281 KEV | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 9.8 | 81.59% | 2026-01-29 | 2026-01-30 |
| CVE-2025-13662 | Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.8 | 0.04% | 2025-12-09 | 2025-12-11 |
| CVE-2025-13661 | Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.1 | 1.25% | 2025-12-09 | 2025-12-11 |
| CVE-2025-13659 | Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 8.8 | 1.17% | 2025-12-09 | 2025-12-11 |