Ivanti Patches Critical Flaws in Secure Access, Endpoint Manager

Marcus Rodriguez
May 12, 2026

Key Takeaways

  • Ivanti has released its May 2026 Patch Tuesday updates, addressing multiple vulnerabilities across four of its key products.
  • The affected products include Ivanti Secure Access Client, Ivanti Xtraction, Ivanti Virtual Traffic Manager (vTM), and Ivanti Endpoint Manager (EPM).
  • Vulnerabilities range from local privilege escalation and sensitive data exposure to severe remote code execution (RCE) flaws.
  • Notably, Ivanti engineers utilized artificial intelligence tools to discover several of these vulnerabilities, signaling a new era in vulnerability research.
  • All users are strongly advised to apply the available patches immediately, although none of these vulnerabilities have been observed under active exploitation in the wild.

Ivanti Addresses Critical Flaws Across Product Portfolio, Taps AI for Vulnerability Discovery

Ivanti issued its May 2026 Patch Tuesday security advisories on May 13, 2026, revealing critical vulnerabilities across four of its enterprise solutions. In a significant development, the company also disclosed that its engineers are now leveraging artificial intelligence (AI) tools to uncover previously undetected flaws, a practice Ivanti anticipates will lead to an increase in future vulnerability disclosures.

The patches address security weaknesses in the following products:

  • Ivanti Secure Access Client: CVE-2026-7431 and CVE-2026-7432
  • Ivanti Xtraction: CVE-2026-8043
  • Ivanti Virtual Traffic Manager (vTM): CVE-2026-8051
  • Ivanti Endpoint Manager (EPM): CVE-2026-8109, CVE-2026-8110, CVE-2026-8111

Ivanti confirmed that there is no evidence of these vulnerabilities being exploited in the wild at the time of disclosure. The company also stated that these specific vulnerabilities do not impact any other Ivanti products.

Ivanti Secure Access Client Vulnerabilities

CVE-2026-7431 – Sensitive Log Data Exposure

A security flaw in Ivanti Secure Access Client versions prior to 22.8R6, classified as CWE-732 (Incorrect Permission Assignment), allows a local authenticated attacker to read or modify sensitive log data. While the attack is local and requires no user interaction, it poses a significant risk in shared or multi-user environments.

CVE-2026-7432 – Local Privilege Escalation to SYSTEM

This vulnerability, present in Ivanti Secure Access Client versions before 22.8R6, is a race condition (CWE-362). It enables a locally authenticated attacker to exploit a timing window, escalating their privileges to SYSTEM. Such local privilege escalation (LPE) flaws are frequently chained by threat actors after initial access to achieve full system compromise, impacting confidentiality, integrity, and availability.

Ivanti Xtraction Vulnerability

CVE-2026-8043 – Path Traversal & Arbitrary File Write

Deemed the most critical vulnerability in this advisory, CVE-2026-8043 affects Ivanti Xtraction versions prior to 2026.2. This flaw combines CWE-22 (Path Traversal) and CWE-73 (External Control of File Name). A remote authenticated attacker can leverage this to read sensitive server-side files and write arbitrary HTML content to the web directory. This capability could lead to stored cross-site scripting (XSS) attacks or the staging of web shells for further compromise.

Ivanti Virtual Traffic Manager (vTM) Vulnerability

CVE-2026-8051 – OS Command Injection

An OS command injection vulnerability (CWE-78) exists in the administrative interface of Ivanti Virtual Traffic Manager versions before 22.9r4. This flaw allows a remote attacker with administrative credentials to inject arbitrary OS-level commands, leading to full remote code execution on the appliance. Despite requiring administrative privileges, the strategic placement of vTM devices at critical network junctures makes their compromise particularly severe, potentially disrupting traffic routing and inspection.

Ivanti Endpoint Manager Vulnerabilities

CVE-2026-8109 – Credential Leakage

An exposed dangerous method (CWE-749) on the Ivanti Endpoint Manager Core Server, affecting versions before 2024 SU6, enables a remote authenticated attacker to exfiltrate access credentials from the server. With a high confidentiality impact but no effect on integrity or availability, this vulnerability presents a significant vector for credential harvesting, potentially facilitating lateral movement or privilege escalation within managed environments.

CVE-2026-8110 – Agent Privilege Escalation

Incorrect permissions assignment (CWE-732) in the Ivanti EPM agent, affecting versions before 2024 SU6, allows a local authenticated attacker to escalate privileges on the endpoint. This vulnerability mirrors the attack pattern of CVE-2026-7432 and is especially critical in large enterprise settings where EPM agents are widely deployed across numerous devices.

CVE-2026-8111 – SQL Injection Leading to RCE

The most dangerous network-facing flaw in this batch for EPM is a SQL injection vulnerability (CWE-89) in the Ivanti EPM web console, affecting versions before 2024 SU6. This flaw permits any remote authenticated attacker, even without administrative rights (PR:L), to achieve remote code execution. SQL injection-to-RCE chains in web consoles are well-understood, easily weaponized, and frequently exploited by sophisticated threat actors, including ransomware groups and nation-state attackers.

AI-Assisted Vulnerability Discovery: A New Frontier

Ivanti revealed that its security team has recently integrated multiple large language models (LLMs) into its Engineering and Product Security Red Team operations. These AI tools have proven effective in identifying vulnerability classes that traditional static and dynamic analysis tools (SAST and DAST) often miss. Several of the vulnerabilities disclosed in this advisory were, in fact, discovered through this AI-assisted review process.

The company acknowledges the accelerating pace of vulnerability exploitation, driven by threat actors’ increasing use of automation and machine learning. Ivanti’s strategy is to counter this trend by employing similar AI technologies within its own red teams, proactively identifying and remediating security issues before they can be weaponized by adversaries.

What You Should Do

  • Prioritize Patching: Immediately apply the latest security updates for all affected Ivanti products: Secure Access Client (to 22.8R6), Xtraction (to 2026.2), Virtual Traffic Manager (vTM) (to 22.9r4), and Endpoint Manager (EPM) (to 2024 SU6).
  • Review Access Controls: For Ivanti Virtual Traffic Manager, ensure robust access controls and strong, unique credentials for administrative interfaces, especially given the OS command injection vulnerability.
  • Monitor for Anomalies: Increase vigilance for any unusual activity on systems running Ivanti products, particularly for signs of local privilege escalation or unauthorized file modifications.
  • Implement Least Privilege: Enforce the principle of least privilege for all users and services interacting with Ivanti solutions to minimize the impact of potential exploitation.
  • Stay Informed: Regularly consult Ivanti’s official security advisories and knowledge base for the latest updates and recommendations.
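
To support the patching step above, the following is an added example (not from Ivanti or the original article) that triages a software inventory against the fixed versions listed in this article. The inventory rows, host names and the version-ordering rule (each run of digits is one numeric component, with letters such as R, r and SU treated as separators) are assumptions made for illustration.

```python
import re

# Fixed versions and CVE lists copied from the article above.
FIXED = {
    "Secure Access Client": ("22.8R6", ["CVE-2026-7431", "CVE-2026-7432"]),
    "Xtraction": ("2026.2", ["CVE-2026-8043"]),
    "Virtual Traffic Manager": ("22.9r4", ["CVE-2026-8051"]),
    "Endpoint Manager": ("2024 SU6",
                         ["CVE-2026-8109", "CVE-2026-8110", "CVE-2026-8111"]),
}

def version_key(version):
    """Map '22.8R6', '22.9r4', '2024 SU6' or '2026.2' to a comparable tuple.

    Assumption: digit runs are numeric components in order of significance.
    Comparing integers avoids the string-sort trap where '22.8R10' < '22.8R6'.
    """
    parts = tuple(int(n) for n in re.findall(r"\d+", version))
    if not parts:
        raise ValueError(f"no numeric component in {version!r}")
    return parts

def triage(inventory):
    """Split (host, product, version) rows into needs-patch and manual-review."""
    needs_patch, review = [], []
    for host, product, version in inventory:
        try:
            fixed, cves = FIXED[product]
            installed = version_key(version)
        except (KeyError, ValueError):
            # Unknown product name or unparseable version: never assume "patched".
            review.append((host, product, version))
            continue
        if installed < version_key(fixed):
            needs_patch.append((host, product, version, fixed, cves))
    return needs_patch, review

# Constructed sample inventory (hypothetical hosts and installed versions).
INVENTORY = [
    ("ws-014", "Secure Access Client", "22.8R5"),
    ("ws-015", "Secure Access Client", "22.8R10"),
    ("rpt-01", "Xtraction", "2026.1"),
    ("lb-01", "Virtual Traffic Manager", "22.9r4"),
    ("epm-core", "Endpoint Manager", "2024 SU5"),
    ("epm-lab", "Endpoint Manager", "unknown"),
]

if __name__ == "__main__":
    patch, review = triage(INVENTORY)
    for host, product, version, fixed, cves in patch:
        print(f"{host}: {product} {version} -> {fixed} ({', '.join(cves)})")
    for row in review:
        print("manual review:", row)
```

Rows whose product or version cannot be matched go to the manual-review list rather than being treated as patched, so gaps in the inventory stay visible.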
