Ivanti has rolled out important security updates for its Endpoint Manager (EPM), addressing a pair of vulnerabilities that could expose sensitive credentials to hackers. The release fixes one high-severity flaw and one medium-severity issue, both of which could be leveraged to siphon data from corporate networks.
The most alarming of the two, tracked as CVE-2026-1603, allows unauthenticated attackers to bypass security checks and access stored secrets, potentially opening the door to broader system compromise.
Leading the advisory is CVE-2026-1603, a high-severity authentication bypass vulnerability with a CVSS score of 8.6.
This flaw breaks the fundamental rule of access control: it allows a stranger on the network to access data they should never see. The advisory describes the threat explicitly: “An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.”
By exploiting this, an attacker doesn’t need to steal a password first; they can simply bypass the login gate and potentially harvest credentials stored within the system, which could then be used to pivot deeper into the environment.
The second vulnerability, CVE-2026-1602, is a medium-severity SQL injection flaw (CVSS 6.5). While less critical than the bypass, it still poses a significant risk to data privacy.
This vulnerability requires the attacker to already have some level of access, but if they do, they can query the database directly. “SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database,” the report states.
Currently, there is no evidence that these flaws are being used in active attacks. Ivanti confirmed, “We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure.”
The vulnerabilities affect Ivanti Endpoint Manager 2024 SU4 SR1 and prior.
Administrators are strongly urged to upgrade to version 2024 SU5 immediately to close these security gaps and prevent potential data theft. As the advisory warns, “Successful exploitation could allow a remote authenticated attacker to leak arbitrary data or compromise user sessions.”
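To turn the affected-version statement into a patch-triage check, the following added example (not Ivanti's code or tooling) sorts an inventory of EPM core servers by release label against the fixed release, 2024 SU5. It assumes labels follow the "YYYY SUn SRm" shape seen in the advisory text; the hostnames and sample labels are constructed, and any label that does not parse is set aside for manual review rather than treated as patched.

```python
import re

# Fixed release named in the advisory text quoted on this page.
FIXED_RELEASE = "2024 SU5"

# Label shape "YYYY [SUn] [SRm]", taken from the two labels on the page
# ("2024 SU4 SR1", "2024 SU5"); assumption: other releases follow it.
_LABEL = re.compile(r"^\s*(\d{4})(?:\s+SU(\d+))?(?:\s+SR(\d+))?\s*$", re.IGNORECASE)


def parse_release(label):
    """Return (year, su, sr) as ints, or None if the label does not match."""
    m = _LABEL.match(label or "")
    if not m:
        return None
    year, su, sr = m.groups()
    return (int(year), int(su or 0), int(sr or 0))


def triage(inventory):
    """Split {host: label} into affected / patched / unknown host lists."""
    fixed = parse_release(FIXED_RELEASE)
    result = {"affected": [], "patched": [], "unknown": []}
    for host, label in sorted(inventory.items()):
        parsed = parse_release(label)
        if parsed is None:
            result["unknown"].append(host)  # never assume an odd label is patched
        elif parsed < fixed:
            result["affected"].append(host)  # "2024 SU4 SR1 and prior"
        else:
            result["patched"].append(host)
    return result


# Constructed sample inventory; hostnames and labels are made up.
SAMPLE = {
    "epm-core-01": "2024 SU4 SR1",
    "epm-core-02": "2024 SU5",
    "epm-lab-01": "2022 SU8",
    "epm-dr-01": "2024 su4",
    "epm-old-01": "11.0.6.999",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```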