


Perceptive Security
SOC/SIEM Consultancy

CISA: Recently patched Ivanti EPM flaw now actively exploited
Published:
10 March 2026 at 11:36:13
Alert date:
10 March 2026 at 12:01:39
Source:
bleepingcomputer.com
Enterprise Applications, Zero-Day Vulnerabilities
CISA has flagged a high-severity vulnerability in Ivanti Endpoint Manager (EPM) as actively exploited in attacks and has ordered U.S. federal agencies to patch their systems within three weeks. It is the latest in a series of vulnerabilities affecting Ivanti's enterprise management products, and it poses a significant risk to organizations that use Ivanti EPM for endpoint management.
Technical details
CVE-2026-1603 is a high-severity vulnerability in Ivanti Endpoint Manager (EPM) that can be exploited by remote threat actors without privileges to bypass authentication and steal credential data in low-complexity cross-site scripting attacks that require no user interaction. The flaw was patched one month ago with the release of Ivanti EPM 2024 SU5, which also addresses an SQL injection flaw that allows remote, authenticated attackers to read arbitrary data from the database.
Mitigation steps:
Update to Ivanti EPM 2024 SU5 or later to patch CVE-2026-1603. Federal agencies must patch their systems within three weeks, by March 23, as mandated by CISA's Binding Operational Directive (BOD) 22-01. Other organizations should also prioritize patching: over 700 Internet-facing Ivanti EPM instances are currently tracked, and many of them may still be vulnerable.
Affected products:
Ivanti Endpoint Manager (EPM)
Ivanti EPM 2024 (versions prior to SU5)
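The following Python script is an added example, not part of the original alert and not code from Ivanti or CISA. It triages an asset inventory against the fixed release (EPM 2024 SU5) and the March 23 deadline stated above. The inventory layout, host names and release-string format are assumptions; only the EPM 2024 branch is judged, and anything else is flagged for manual review.

```python
import re
from datetime import date

FIXED = (2024, 5)             # EPM 2024 SU5, the fixed release named in the alert
DEADLINE = date(2026, 3, 23)  # federal due date from the alert (year taken from the alert date)
# Assumed release-string format: "2024", "2024 SU4" or "EPM 2024 SU4".
_RELEASE = re.compile(r"^\s*(?:EPM\s+)?(\d{4})(?:\s+SU\s*(\d+))?\s*$", re.I)

def parse_release(text):
    """Return (year, service_update) or None when the string is not recognised."""
    m = _RELEASE.match(text or "")
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None

def classify(release):
    """'patched', 'vulnerable', or 'review' for anything the alert does not cover."""
    parsed = parse_release(release)
    if parsed is None or parsed[0] != FIXED[0]:
        return "review"
    return "patched" if parsed >= FIXED else "vulnerable"

def triage(inventory, today):
    """List hosts that still need action, most urgent first."""
    days_left = (DEADLINE - today).days
    rank = {"vulnerable": 0, "review": 1}
    todo = []
    for host in inventory:
        status = classify(host.get("release"))
        if status != "patched":
            todo.append({"host": host["name"], "status": status,
                         "internet_facing": bool(host.get("internet_facing")),
                         "days_left": days_left})
    # Unpatched before unknown, Internet-facing before internal, then by name.
    todo.sort(key=lambda r: (rank[r["status"]], not r["internet_facing"], r["host"]))
    return todo

# Constructed sample inventory (hypothetical host names and field layout).
SAMPLE = [
    {"name": "epm-core-01", "release": "2024 SU5", "internet_facing": True},
    {"name": "epm-core-02", "release": "2024 SU4", "internet_facing": False},
    {"name": "epm-dmz-01", "release": "EPM 2024 SU3", "internet_facing": True},
    {"name": "epm-lab-01", "release": "2022", "internet_facing": False},
    {"name": "epm-old-01", "release": None, "internet_facing": True},
    {"name": "epm-core-03", "release": "2024", "internet_facing": False},
]

if __name__ == "__main__":
    for row in triage(SAMPLE, date(2026, 3, 10)):
        print(row)
```

Hosts with a missing or unrecognised release string land in the "review" bucket rather than being assumed patched.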
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-1603
https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US
https://dashboard.shadowserver.org/statistics/iot-devices/time-series/?date_range=7&vendor=ivanti&type=device-management&model=epm&dataset=count&limit=100&group_by=geo&stacking=stacked
https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-1603
https://cyber.dhs.gov/bod/22-01/
https://www.bleepingcomputer.com/news/security/cisa-tags-critical-ivanti-epm-flaws-as-actively-exploited-in-attacks/
https://www.bleepingcomputer.com/news/security/critical-ivanti-rce-flaw-with-public-exploit-now-used-in-attacks/
This article was created with the assistance of AI technology by Perceptive.
