Following its addition to the Known Exploited Vulnerabilities (KEV) catalog by the Cybersecurity and Infrastructure Security Agency (CISA) on March 9, 2026, a significant security vulnerability in Ivanti Endpoint Manager has drawn federal attention. This authentication bypass vulnerability, known as CVE-2026-1603, allows a remote, unauthenticated attacker to steal sensitive stored credential data without any valid login credentials.
It affects all versions of Ivanti Endpoint Manager before the 2024 SU5 release. Ivanti Endpoint Manager, also known as EPM, is a widely used client-based endpoint management platform that organizations use to secure and manage massive fleets of devices throughout their networks.
Because EPM sits at the core of an organization's device management infrastructure, any vulnerability that exposes the platform's stored credentials could have far-reaching effects. The vulnerability falls under CWE-288, which describes an authentication bypass through an alternate path or channel. This means that the product offers an alternate access route that entirely avoids the typical authentication and verification procedure.
Additionally, CVE-2026-1603 can be chained with CVE-2026-1602, a companion SQL injection vulnerability that permits an attacker with separate authentication to read any record from the EPM database. This makes combined exploitation a particularly serious and plausible threat scenario. Version 2024 SU5 is the only version of Ivanti EPM that fixes this issue, and organizations running EPM should update to it right away.
For teams that are unable to apply the patch immediately, CISA advises blocking external internet access to EPM management ports 80 and 443 and enforcing strict IP allowlisting so that only trusted administrative hosts can communicate with the server. Additionally, security teams should watch for strange API requests from unidentified external addresses and monitor authentication logs for unexpected access to protected resources. Businesses utilizing cloud-based deployments must adhere to the relevant BOD 22-01 guidelines.
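One way to run the allowlist and monitoring checks above over the server's web access logs, as an added example that is not from the original article, Ivanti or CISA. It assumes the logs are in W3C extended format; the allowlist, internal ranges, sample log lines and URI paths are constructed placeholders, not real EPM endpoints.

```python
import ipaddress

# Assumptions (constructed values): the admin allowlist and internal ranges.
ADMIN_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/28")]
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MGMT_PORTS = {"80", "443"}  # management ports named in the CISA advice

# Constructed sample log; the URI paths are placeholders, not real EPM endpoints.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status
2026-03-10 08:01:11 10.20.0.5 GET /placeholder/console 443 10.20.0.3 200
2026-03-10 08:02:40 10.20.0.5 POST /placeholder/api 443 203.0.113.77 200
2026-03-10 08:03:02 10.20.0.5 GET /placeholder/api 80 10.99.4.20 401
2026-03-10 08:04:15 10.20.0.5 GET /placeholder/status 8443 198.51.100.9 200
not a log line
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the latest #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))


def find_violations(text):
    """Return (client, origin, uri, status) for management-port requests
    from clients outside the admin allowlist."""
    hits = []
    for row in parse_w3c(text):
        if row.get("s-port") not in MGMT_PORTS:
            continue
        try:
            ip = ipaddress.ip_address(row["c-ip"])
        except (KeyError, ValueError):
            continue  # malformed or missing client address
        if any(ip in net for net in ADMIN_ALLOWLIST):
            continue
        origin = "internal" if any(ip in n for n in INTERNAL_NETS) else "external"
        hits.append((str(ip), origin, row.get("cs-uri-stem"), row.get("sc-status")))
    return hits


if __name__ == "__main__":
    for hit in find_violations(SAMPLE_LOG):
        print(hit)
```

An external client that received a 2xx status is the first row to triage, since it means the server answered a host the allowlist should have blocked.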












