
Ivanti Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Ivanti products.

12 known CVE vulnerabilities tracked

Critical: 2
High: 8
Medium: 2
Low: 0
None: 0

All Ivanti CVEs

CVE-2026-8111
8.8 high

SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution.

Endpoint Manager May 12, 2026
CVE-2026-8110
7.8 high

Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.

Endpoint Manager May 12, 2026
CVE-2026-8109
6.5 medium

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.

Endpoint Manager May 12, 2026
CVE-2026-8043
9.6 critical

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.

Xtraction May 12, 2026
CVE-2026-7432
7.8 high

A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM.

Secure Access Client May 12, 2026
CVE-2026-7431
4.4 medium

An incorrect permission assignment for a critical resource in Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.

Secure Access Client May 12, 2026
CVE-2026-7821
7.4 high

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of th

Endpoint Manager Mobile May 7, 2026
CVE-2026-6973
7.2 high

Improper input validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.

Endpoint Manager Mobile May 7, 2026
CVE-2026-5788
7.0 high

Improper access control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.

Endpoint Manager Mobile May 7, 2026
CVE-2026-5787
8.9 high

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

Endpoint Manager Mobile May 7, 2026
CVE-2026-5786
8.8 high

An improper access control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.

Endpoint Manager Mobile May 7, 2026
CVE-2024-7593
9.8 critical

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Virtual Traffic Manager Aug 13, 2024