Description
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Published: 2026-02-10
Score: 8.6 High
EPSS: 55.9% High
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

An authentication bypass in Ivanti Endpoint Manager, affecting all releases before 2024 SU5, permits a remote unauthenticated attacker to access and leak specific stored credential data. The flaw compromises confidentiality by exposing sensitive authentication information.

Affected Systems

Ivanti Endpoint Manager, all versions released prior to 2024 SU5, including the 2024 updates 2024 SU1 through 2024 SU4 and their security releases.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity, and an EPSS score of 56% indicates a substantially higher likelihood of exploitation relative to other vulnerabilities. The issue is listed in the CISA Known Exploited Vulnerabilities catalog and has been monitored for active exploitation. Because the vulnerability allows remote unauthenticated access, an attacker can trigger a credential leak without valid credentials. The elevated EPSS suggests that the current risk of exploitation is significant, so patching should be prioritized accordingly.

Generated by OpenCVE AI on May 23, 2026 at 14:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Ivanti Endpoint Manager patch (2024 SU5) or any later version that addresses the authentication bypass bug.
  • Enforce multi‑factor authentication for all management interfaces to mitigate improper authentication weaknesses (CWE‑288).
  • Disable or remove default and unmanaged credentials, restricting API and remote access to internally trusted hosts (CWE‑306).
  • Continuously monitor authentication logs for abnormal credential export activity and investigate any anomalies promptly.

Advisories

No advisories yet.

History

Sat, 23 May 2026 15:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass Enables Remote Credential Leak in Ivanti Endpoint Manager

Mon, 11 May 2026 17:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass Allows Credential Leakage in Ivanti Endpoint Manager

Tue, 28 Apr 2026 22:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass Allows Credential Leakage in Ivanti Endpoint Manager

Wed, 22 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Authentication Bypass Exposes Stored Credentials in Ivanti Endpoint Manager

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass Exposes Stored Credentials in Ivanti Endpoint Manager

Sun, 19 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Title Authentication Bypass Allows Remote Credential Leakage in Ivanti Endpoint Manager

Fri, 17 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Title Authentication Bypass Allows Remote Credential Leakage in Ivanti Endpoint Manager

Tue, 10 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-306
CPEs cpe:2.3:a:ivanti:endpoint_manager:2024:su4_sr1:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2024:su4_security_release_1:*:*:*:*:*:*

Mon, 09 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-03-09T00:00:00+00:00', 'dueDate': '2026-03-23T00:00:00+00:00'}


Mon, 09 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su2:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su3:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su4:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su4_sr1:*:*:*:*:*:*

Tue, 10 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti endpoint Manager
Vendors & Products Ivanti
Ivanti endpoint Manager

Tue, 10 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
Description An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Weaknesses CWE-288
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2026-03-10T03:55:23.819Z

Reserved: 2026-01-29T09:18:49.146Z

Link: CVE-2026-1603

Vulnrichment

Updated: 2026-02-10T16:00:25.939Z

NVD

Status: Analyzed

Published: 2026-02-10T16:16:10.540

Modified: 2026-03-10T13:11:30.467

Link: CVE-2026-1603

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-23T14:45:19Z

Weaknesses