The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that an authentication bypass vulnerability patched in Ivanti Endpoint Manager (EPM) last month is now being exploited in the wild. The agency has also updated its directive related to two Cisco Catalyst SD-WAN flaws that were also fixed last month after being used in zero-day attacks.
The Ivanti EPM vulnerability, tracked as CVE-2026-1603, impacts EPM versions prior to 2024 SU5. It allows a remote, unauthenticated attacker to leak stored credential data and was patched on Feb. 9 along with another EPM SQL injection flaw tracked as CVE-2026-1602.
At the time, Ivanti credited a researcher working with Trend Micro’s Zero Day Initiative program for reporting the vulnerabilities and said that it was not aware of customers being exploited by those vulnerabilities.
