THREAT INTELLIGENCE

New Vulnerabilities Patched in Ivanti Endpoint Manager

Two vulnerabilities have been identified in Ivanti Endpoint Manager (EPM), the more severe of which enables authentication bypass. Ivanti EPM is a client-based unified endpoint management platform used to manage devices, deploy software, and store credential material for administrative operations. The primary issue (CVE-2026-1603) allows a remote unauthenticated attacker to leak specific stored credential data. A secondary issue (CVE-2026-1602) permits SQL injection by an authenticated attacker, enabling arbitrary database reads. Affected systems include Ivanti Endpoint Manager 2024 SU4 SR1 and prior versions. The vulnerabilities are resolved in version 2024 SU5.

CVE
CVE-2026-1603
CVE-2026-1602

Targeting / Delivery Mechanism
Exploitation requires network access to vulnerable Ivanti EPM services. The authentication bypass can be triggered remotely without valid credentials, while the SQL injection flaw requires authenticated access. Public-facing or improperly segmented management servers present the highest exposure risk.

Execution Technique
CVE-2026-1603 exploits improper authentication validation, allowing unauthenticated access to credential-related data. CVE-2026-1602 leverages SQL injection to extract arbitrary database content. Credential leakage may facilitate follow-on compromise.

Persistence / Deployment
If credentials are exposed, attackers may pivot to managed endpoints, escalate privileges, or establish persistence through administrative account abuse and configuration manipulation.

Impact and Smarttech247's Recommended Actions

Operational Impact
Risk is High for enterprise and government environments relying on Ivanti EPM for centralized endpoint control. Credential exposure may lead to lateral movement, endpoint compromise, and broader infrastructure impact. SQL injection could enable sensitive data extraction from the management database.

Validate Integrity
Identify all Ivanti Endpoint Manager deployments and confirm upgrade status. Systems running 2024 SU4 SR1 or earlier should be treated as vulnerable. Review logs for anomalous authentication attempts, unexpected database queries, and suspicious access patterns.
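
The upgrade-status check described above can be scripted against an asset inventory. The following is an added example, not Ivanti or Smarttech247 code; it assumes version labels are written as in this advisory ("2024 SU4 SR1", "2024 SU5") and order by year, then SU, then SR, and the host names and inventory are constructed.

```python
import re

# Fixed release named in the advisory; anything older is treated as vulnerable.
FIXED = (2024, 5, 0)

# Labels as the advisory writes them: "2024 SU4 SR1", "2024 SU5", "2024".
_LABEL = re.compile(r"^\s*(\d{4})(?:\s+SU(\d+))?(?:\s+SR(\d+))?\s*$", re.IGNORECASE)


def parse_label(label):
    """Return (year, service update, service release), or None if unparseable."""
    m = _LABEL.match(label or "")
    if not m:
        return None
    # A missing SU or SR component counts as 0 for ordering purposes.
    return tuple(int(g) if g else 0 for g in m.groups())


def triage(inventory):
    """Map each host to 'vulnerable', 'patched' or 'unknown'."""
    result = {}
    for host, label in inventory.items():
        version = parse_label(label)
        if version is None:
            result[host] = "unknown"      # verify by hand; never assume patched
        elif version < FIXED:
            result[host] = "vulnerable"   # 2024 SU4 SR1 or earlier
        else:
            result[host] = "patched"      # 2024 SU5 or later
    return result


# Constructed inventory: host names and labels are made up for this example.
SAMPLE_INVENTORY = {
    "epm-core-01": "2024 SU4 SR1",
    "epm-core-02": "2024 SU5",
    "epm-dr-01": "2022 SU8",
    "epm-lab-01": "2024 su3",
    "epm-old-01": "11.0.5.361",  # build-number style string: not parseable here
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:14} {status}")
```

Hosts reported as "unknown" should be checked manually and treated as vulnerable until confirmed otherwise.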

Respond to Confirmed Compromise
Upgrade immediately to 2024 SU5. If compromise is suspected, rotate stored credentials, review administrative accounts, and audit endpoint deployment activity. Conduct database integrity checks and monitor for unauthorized configuration changes.

Strengthen Preventative Controls
Restrict exposure of management interfaces, enforce network segmentation, and apply the Principle of Least Privilege. Maintain structured vulnerability management, enable application control where possible, and conduct periodic authenticated penetration testing of management infrastructure.

References
https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US
