Critical Ivanti Neurons for ITSM Flaws Let Attackers Hijack User Sessions

Jennifer Sherman
April 14, 2026 · 3 min read

Key Takeaways

  • Ivanti has released urgent security updates for its Neurons for ITSM (N-ITSM) platform.
  • Two medium-severity vulnerabilities, CVE-2026-4913 and CVE-2026-4914, could enable unauthorized access retention and session data theft.
  • The flaws affect Ivanti N-ITSM versions prior to 2025.4, impacting both on-premise and cloud deployments.
  • On-premise customers must manually upgrade to version 2025.4; cloud environments were patched by Ivanti on December 12, 2025.
  • No active exploitation of these vulnerabilities has been observed by Ivanti at the time of disclosure.

Ivanti has issued critical security updates for its on-premise IT service management solution, Ivanti Neurons for ITSM (N-ITSM), addressing two medium-severity vulnerabilities. These flaws could potentially allow authenticated attackers to maintain unauthorized system access or compromise session data belonging to other users.


The company confirmed that it has no evidence of active exploitation for either vulnerability. Both issues were identified and reported through Ivanti’s responsible disclosure program and have been resolved in the recently released version 2025.4.

CVE-2026-4913: Improper Path Protection Allows Persistent Access

The first vulnerability, identified as CVE-2026-4913, carries a CVSS score of 5.7 (Medium) and falls under the CWE-424 (Protection Mechanism Failure) category. This flaw is rooted in an inadequate protection mechanism concerning an alternate path within Ivanti N-ITSM versions preceding 2025.4.

Exploitation of this vulnerability could enable a remote, authenticated attacker to retain access to the system even after an administrator has disabled their account. This bypass mechanism presents a significant risk, particularly in corporate settings where the immediate revocation of access is a crucial security measure, especially during employee offboarding or in response to insider threats.

The vulnerability is exploitable over the network, requires only low privileges, and needs user interaction to trigger; together these factors account for its medium severity rating.

CVE-2026-4914: Stored XSS Leads to Cross-Session Data Theft

The second vulnerability, CVE-2026-4914, is a stored cross-site scripting (XSS) flaw with a CVSS score of 5.4 (Medium), categorized under CWE-79. This vulnerability, present in Ivanti N-ITSM versions prior to 2025.4, permits a remote, authenticated attacker to inject malicious scripts. These scripts would then execute within the browser sessions of other users.

Successful exploitation could allow an attacker to harvest limited information from other user sessions, potentially including session tokens, credentials, or other sensitive ITSM data. The attack requires user interaction, meaning a victim must interact with the specially crafted malicious content for the exploit to succeed. The vulnerability’s cross-scope impact (S:C in the CVSS vector) indicates that its effects are not confined to the immediate session and can extend more broadly.
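As an added illustration of the stored-XSS class described above (not Ivanti code, and not a statement about how N-ITSM renders anything), the following Python shows the generic pattern that produces CWE-79: stored user text interpolated straight into HTML, beside the hardened form that escapes on output. The comment string, the two renderer functions and the coarse `contains_active_content` check are all constructed for this example.

```python
"""Rendering a stored ITSM comment: unsafe interpolation vs. output escaping.

Hypothetical helpers constructed for this example; they are not Ivanti code
and say nothing about how N-ITSM itself renders content.
"""
import html
import re

# Constructed sample: a comment as it might be stored in a ticket, carrying
# a benign script tag and an event-handler attribute (no real payload).
STORED_COMMENT = '<script>/*constructed*/</script><b onmouseover="x()">hello</b>'


def render_comment_unsafe(comment: str) -> str:
    """Interpolates stored text directly into HTML: the stored-XSS pattern."""
    return f'<div class="comment">{comment}</div>'


def render_comment_safe(comment: str) -> str:
    """Escapes on output, so stored text is displayed as text, never parsed as markup."""
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


def contains_active_content(rendered: str) -> bool:
    """Coarse constructed heuristic used only to contrast the two renderers:
    a live <script> tag, or a real tag carrying an on*= event handler.
    Not a substitute for an HTML sanitizer or a Content-Security-Policy."""
    pattern = r"<script\b|<\w+[^>]*\son\w+\s*="
    return bool(re.search(pattern, rendered, re.IGNORECASE))


if __name__ == "__main__":
    unsafe = render_comment_unsafe(STORED_COMMENT)
    safe = render_comment_safe(STORED_COMMENT)
    print("unsafe renders active content:", contains_active_content(unsafe))
    print("escaped renders active content:", contains_active_content(safe))
    print(safe)
```

Escaping at the point of output is the fix for this bug class; a restrictive Content-Security-Policy is worth adding as defence in depth, since it limits what an injected script can do even when an escaping bug slips through.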

Both vulnerabilities impact Ivanti Neurons for ITSM version 2025.3 and all previous releases, affecting both on-premise and cloud-based deployments.

  • On-premise customers are required to manually upgrade their installations to version 2025.4, which is available via the Ivanti License System (ILS).
  • Cloud customers are not required to take any action, as Ivanti automatically applied the necessary fixes to all cloud environments on December 12, 2025.

Ivanti strongly advises all on-premise customers to implement the 2025.4 update without delay. Currently, there are no known indicators of compromise, as no public exploitation has been observed.

Organizations operating older versions of Ivanti Neurons for ITSM should prioritize this upgrade, especially considering the significant access-retention risk posed by CVE-2026-4913 in environments that enforce stringent access control policies.

What You Should Do

  • On-Premise Customers: Immediately upgrade your Ivanti Neurons for ITSM deployment to version 2025.4. Obtain the update through the Ivanti License System (ILS).
  • Cloud Customers: No action is required. Ivanti has already applied the necessary patches to all cloud environments.
  • Review Access Policies: Regularly audit user accounts and access privileges, ensuring that disabled accounts are truly inaccessible.
  • Educate Users: Remind users about the risks of interacting with suspicious or unexpected content, especially within IT service management platforms, to mitigate XSS risks.
  • Monitor for Anomalies: While no active exploitation is known, maintain vigilance for any unusual activity or unauthorized access attempts within your ITSM environment.
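The access-retention risk of CVE-2026-4913 and the "Review Access Policies" and "Monitor for Anomalies" items above both come down to one question for defenders: is any account that was disabled still producing activity? The following Python is an added example (not Ivanti's code, and the JSON audit-log schema, the disabled-account list and every log line are constructed for illustration) that correlates an audit log against account-disable timestamps and reports every event a disabled account generated after its cutoff.

```python
"""Flag ITSM activity by accounts that were already disabled.

Hypothetical audit-log format (constructed for this example; not Ivanti's
actual log schema): one JSON object per line with "ts", "user", "action"
and "src_ip". The disabled-account list is likewise constructed.
"""
import json
from datetime import datetime, timezone

# Constructed sample: when each account was disabled (UTC, ISO 8601).
DISABLED_ACCOUNTS = {
    "jdoe": "2026-04-10T09:00:00Z",
    "contractor7": "2026-04-12T17:30:00Z",
}

# Constructed sample audit lines (hypothetical schema, not real data).
SAMPLE_LOG = """\
{"ts": "2026-04-10T08:55:00Z", "user": "jdoe", "action": "login", "src_ip": "10.0.0.5"}
{"ts": "2026-04-10T09:20:00Z", "user": "jdoe", "action": "ticket.update", "src_ip": "10.0.0.5"}
{"ts": "2026-04-11T11:00:00Z", "user": "asmith", "action": "login", "src_ip": "10.0.0.9"}
{"ts": "2026-04-13T01:15:00Z", "user": "contractor7", "action": "report.export", "src_ip": "203.0.113.8"}
{"ts": "2026-04-12T17:00:00Z", "user": "contractor7", "action": "login", "src_ip": "203.0.113.8"}
"""


def parse_ts(value: str) -> datetime:
    """Parse an ISO 8601 UTC timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def find_post_disable_activity(log_text: str, disabled: dict) -> list:
    """Return events where a disabled account acted after its disable time.

    Any such event is either a log-ordering artefact worth checking or a sign
    that revocation did not take effect, which is exactly the failure mode
    CVE-2026-4913 describes.
    """
    cutoffs = {user: parse_ts(ts) for user, ts in disabled.items()}
    alerts = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the whole scan
        user = event.get("user")
        if user not in cutoffs:
            continue
        when = parse_ts(event["ts"])
        if when > cutoffs[user]:
            alerts.append({
                "user": user,
                "ts": event["ts"],
                "action": event.get("action"),
                "src_ip": event.get("src_ip"),
                "minutes_after_disable": (when - cutoffs[user]).total_seconds() / 60,
            })
    alerts.sort(key=lambda a: a["ts"])
    return alerts


if __name__ == "__main__":
    for a in find_post_disable_activity(SAMPLE_LOG, DISABLED_ACCOUNTS):
        print(f"ALERT {a['ts']} {a['user']} {a['action']} from {a['src_ip']} "
              f"({a['minutes_after_disable']:.0f} min after disable)")
```

On the constructed input this reports the `jdoe` ticket update 20 minutes after disablement and the `contractor7` export the following night; the earlier `contractor7` login predates its cutoff and is correctly ignored. In a real deployment the disable timestamps would come from the identity provider or the ITSM user-administration audit trail, and any hit should be treated as a revocation failure until proven otherwise.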
