Ivanti has issued a high-security update for its Endpoint Manager (EPM) solution to address two significant vulnerabilities that could put organisational data at risk.
The advisory, released on February 9, 2026, highlights a high-severity flaw that allows attackers to bypass authentication mechanisms entirely.
Ivanti EPM is widely used by IT administrators to manage and secure devices across enterprise networks.
Because this software has deep access to endpoints, vulnerabilities within it are high-priority targets for threat actors looking to gain a foothold in a corporate environment.
Authentication Bypass
The most concerning issue in this update is tracked as CVE-2026-1603. This vulnerability carries a CVSS severity score of 8.6 (High).
This flaw is an authentication bypass vulnerability affecting Ivanti EPM versions before 2024 SU5.
In simple terms, this vulnerability allows a remote attacker, someone outside the organisation’s network, to access specific stored credential data without needing a username or password.
Because the attacker does not need to be authenticated to exploit this, the barrier to entry is low, making immediate patching essential.
SQL Injection
The second vulnerability, CVE-2026-1602, is rated with a CVSS score of 6.5 (Medium). This is an SQL injection flaw.
Unlike the authentication bypass, this vulnerability requires the attacker to already have valid user credentials for the system.
If an attacker has authenticated access, they can manipulate the database queries to read arbitrary data they should not have access to.
While less severe because it requires a login, it still poses a risk of data leakage from insider threats or compromised user accounts.
| CVE Number | Severity | CVSS Score | Type |
|---|---|---|---|
| CVE-2026-1603 | High | 8.6 | Authentication Bypass |
| CVE-2026-1602 | Medium | 6.5 | SQL Injection |
In addition to these two new issues, Ivanti’s update resolves 11 medium-severity vulnerabilities that were previously disclosed in October 2025, effectively rolling up a significant amount of security hygiene into a single patch.
The good news for defenders is that Ivanti is currently unaware of any customers being actively exploited by these vulnerabilities at the time of disclosure.
The flaws were reported responsibly by a security researcher identified as “06fe5fd2bc53027c4a3b7e395af0b850e7b8a044” working with the Trend Zero Day initiative.
Organizations utilizing Ivanti Endpoint Manager 2024 should take the following steps immediately:
- Verify your version: Check if you are running 2024 SU4 SR1 or older.
- Update: Download and install the 2024 SU5 update.
- Source: The update is available via the Ivanti License System (ILS).
Administrators are urged to prioritize this update to close the door on unauthenticated data theft.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google
