7.5
Ivanti Endpoint Manager: Unauthenticated Credential Data Exposure
Known exploited
Exploitation likelihood: 44%
CVE-2026-1603
Summary
Ivanti Endpoint Manager's authentication system can be bypassed, allowing unauthorized access to sensitive user credentials. This could lead to unauthorized access to user accounts and potentially allow attackers to take control of user devices. Ivanti has released a patch to fix this issue; apply the update as soon as possible to ensure your system's security.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ivanti | endpoint_manager | <= 2024 | – |
| ivanti | endpoint_manager | 2024 | – |
| ivanti | endpoint manager (epm) | All versions | – |
Original title
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Original description
Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.
NVD CVSS 3.1: 7.5
Vulnerability type
CWE-288
Authentication Bypass Using Alternate Path
CWE-306
Missing Authentication for Critical Function
Published: 9 Mar 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026