Ivanti Endpoint Manager Flaw: Remote Arbitrary Data Leak

Ivanti has released critical security updates for its Endpoint Manager (EPM) platform, addressing two newly discovered vulnerabilities. These flaws could enable unauthorized access to sensitive database information and compromise user credentials.

The updates, released in version 2024 SU5, also resolve 11 medium-severity vulnerabilities previously disclosed in October 2025.

The security advisory highlights two primary vulnerabilities of significant concern. CVE-2026-1603, rated with a CVSS score of 8.6 (High), represents an authentication bypass flaw that allows remote unauthenticated attackers to leak specific stored credential data.

This vulnerability, classified under CWE-288, poses a substantial risk as it requires no user interaction and can be exploited over the network without authentication.

The second vulnerability, CVE-2026-1602, carries a CVSS score of 6.5 (Medium) and involves a SQL injection flaw. Remote authenticated attackers can exploit this weakness to read arbitrary data from the database, potentially exposing sensitive organizational information. The vulnerability affects data confidentiality but does not affect system integrity or availability.

Organizations running Ivanti Endpoint Manager version 2024 SU4 SR1 and earlier are vulnerable to these exploits. The vulnerabilities affect the core authentication and database query mechanisms, making them particularly concerning for enterprise environments managing multiple endpoints.

Ivanti has made the patched version, EPM 2024 SU5, available through its Ivanti License System (ILS). Administrators are strongly encouraged to apply the update immediately to mitigate potential risks.

The company has confirmed that no active exploitation was observed prior to public disclosure, as both vulnerabilities were reported through Ivanti’s responsible disclosure program.

The vulnerabilities were discovered by security researcher 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044, working in collaboration with Trend Zero Day Initiative.

Ivanti has publicly acknowledged the researcher’s contribution to identifying these security gaps and emphasized its commitment to working with the security community to maintain product integrity.

These vulnerabilities underscore the ongoing challenges in enterprise software security, particularly in endpoint management solutions that handle privileged access and sensitive organizational data.

The authentication bypass vulnerability is especially concerning as it requires no prior authentication, potentially allowing attackers to gain initial access to credential stores.

Currently, there are no known indicators of compromise associated with these vulnerabilities, and Ivanti reports no evidence of exploitation in the wild. However, the public disclosure of technical details increases the urgency for organizations to deploy the available patches.

Organizations using Ivanti Endpoint Manager should prioritize updating to version 2024 SU5 and conduct security audits to ensure no unauthorized access occurred prior to patching. Ivanti continues to encourage security researchers to report vulnerabilities through its official disclosure channels.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.