Description
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Published: 2026-02-10
Score: 8.6 High
EPSS: 55.9% High
KEV: Yes
Impact: Credential theft via authentication bypass
Action: Patch Now
AI Analysis

Impact

An authentication bypass in Ivanti Endpoint Manager, affecting all releases before 2024 SU5, permits a remote unauthenticated attacker to access and leak specific stored credential data. The breach compromises confidentiality by exposing sensitive authentication information.

Affected Systems

Ivanti Endpoint Manager, all versions released prior to 2024 SU5, including the 2024 updates 2024 SU1 through 2024 SU4 and their security releases.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity, and an EPSS score of 0.55% indicates a very low likelihood of exploitation. Listed in the CISA Known Exploited Vulnerabilities catalog, the issue has been monitored for active exploitation. Because the vulnerability allows remote unauthenticated access, an attacker can trigger a credential leak without needing valid credentials, but the low EPSS suggests current exploitation is unlikely, so assessment of risk should be balanced against patching priorities.

Generated by OpenCVE AI on April 28, 2026 at 22:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Ivanti Endpoint Manager patch (2024 SU5) or any later version that addresses the authentication bypass bug.
  • Enforce multi‑factor authentication for all management interfaces to mitigate improper authentication weaknesses (CWE‑288).
  • Disable or remove default and unmanaged credentials, restricting API and remote access to internally trusted hosts (CWE‑306).
  • Continuously monitor authentication logs for abnormal credential export activity and investigate any anomalies promptly.

Generated by OpenCVE AI on April 28, 2026 at 22:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 22:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass Allows Credential Leakage in Ivanti Endpoint Manager

Wed, 22 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Authentication Bypass Exposes Stored Credentials in Ivanti Endpoint Manager

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass Exposes Stored Credentials in Ivanti Endpoint Manager

Sun, 19 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Title Authentication Bypass Allows Remote Credential Leakage in Ivanti Endpoint Manager

Fri, 17 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Title Authentication Bypass Allows Remote Credential Leakage in Ivanti Endpoint Manager

Tue, 10 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-306
CPEs cpe:2.3:a:ivanti:endpoint_manager:2024:su4_sr1:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2024:su4_security_release_1:*:*:*:*:*:*

Mon, 09 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-03-09T00:00:00+00:00', 'dueDate': '2026-03-23T00:00:00+00:00'}

Mon, 09 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su2:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su3:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su4:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su4_sr1:*:*:*:*:*:*

Tue, 10 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti endpoint Manager
Vendors & Products Ivanti
Ivanti endpoint Manager

Tue, 10 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
Description An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Weaknesses CWE-288
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}

Subscriptions

Ivanti Endpoint Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2026-03-10T03:55:23.819Z

Reserved: 2026-01-29T09:18:49.146Z

Link: CVE-2026-1603

cve-icon Vulnrichment

Updated: 2026-02-10T16:00:25.939Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T16:16:10.540

Modified: 2026-03-10T13:11:30.467

Link: CVE-2026-1603

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T22:30:41Z

Weaknesses