top of page
perceptive_background_267k.jpg

Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attac…

Published:

9 March 2026 at 00:00:00

Alert date:

9 March 2026 at 21:02:12

Source:

cisa.gov

Click to open the original link from this advisory

Enterprise Applications, Identity & Access

Ivanti Endpoint Manager (EPM) contains a critical authentication bypass vulnerability that allows remote unauthenticated attackers to exploit alternate paths or channels to access and leak specific stored credential data. This vulnerability affects EPM 2024 and represents a significant security risk as it enables credential theft without authentication. The vulnerability has been assigned CVE-2026-1603 and security advisories have been published by Ivanti. Organizations using Ivanti EPM should immediately review the security advisory and apply available patches or mitigations to prevent unauthorized access to stored credentials.

Technical details

Mitigation steps:

Affected products:

Ivanti Endpoint Manager

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-1603
https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page