Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attac…

Ivanti Endpoint Manager (EPM) contains a critical authentication bypass vulnerability that allows remote unauthenticated attackers to exploit alternate paths or channels to access and leak specific stored credential data. This vulnerability affects EPM 2024 and represents a significant security risk as it enables credential theft without authentication. The vulnerability has been assigned CVE-2026-1603 and security advisories have been published by Ivanti. Organizations using Ivanti EPM should immediately review the security advisory and apply available patches or mitigations to prevent unauthorized access to stored credentials.