Description
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.
Published: 2026-05-12
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an incorrect permissions assignment in the Ivanti Endpoint Manager agent, classified as CWE‑732, which allows a user who is already logged in locally to obtain higher privileges. The flaw does not provide any remote access or arbitrary code execution out of the box; it simply elevates the authenticated user’s effective rights within the system.

Affected Systems

All installations of Ivanti Endpoint Manager running any build earlier than the 2024 SU6 release are affected. The issue resides in the agent component that executes on managed endpoints. Versions updated to 2024 SU6 or later contain the fixed permissions logic.

Risk and Exploitability

The CVSS score of 7.8 indicates a high‑severity vulnerability. EPSS data is not available, and the flaw is not listed in the CISA KEV catalog, suggesting no documented widespread exploitation yet. The requirement for local authentication limits the attack surface, but once privileges have been escalated, the attacker could fully compromise the endpoint.

Generated by OpenCVE AI on May 12, 2026 at 16:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ivanti Endpoint Manager to version 2024 SU6 or later, which includes the corrected permissions assignment.
  • Ensure the agent service runs with the least‑privileged account and that all associated files and registry keys have appropriate access constraints.
  • Restart or redeploy the Endpoint Manager agent on affected endpoints so that the updated permission settings take effect.


Advisories

No advisories yet.

History

Tue, 12 May 2026 20:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 May 2026 19:30:00 +0000

Type: CPEs
Values Removed: (none)
Values Added:
  • cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2024:su1:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2024:su2:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2024:su3:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2024:su4:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2024:su4_security_release_1:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2024:su5:*:*:*:*:*:*

Tue, 12 May 2026 17:15:00 +0000

Type: Title
Values Removed: (none)
Values Added: Agent Permission Misassignment Leading to Local Privilege Escalation in Ivanti Endpoint Manager

Tue, 12 May 2026 16:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  • Ivanti
  • Ivanti endpoint Manager

Type: Vendors & Products
Values Removed: (none)
Values Added:
  • Ivanti
  • Ivanti endpoint Manager

Tue, 12 May 2026 15:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-732

Type: References
Values Removed: (none)
Values Added: (none)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2026-05-13T03:57:53.140Z

Reserved: 2026-05-07T16:20:43.234Z

Link: CVE-2026-8110

Vulnrichment

Updated: 2026-05-12T18:59:35.240Z

NVD

Status: Analyzed

Published: 2026-05-12T15:16:17.770

Modified: 2026-05-12T19:18:08.873

Link: CVE-2026-8110

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T17:00:11Z
