Multiple vulnerabilities in Ivanti Endpoint Manager

Ivanti has published important security updates for its Endpoint Manager (EPM) platform that fix two recently found flaws that could allow unauthorized access to private database data and jeopardize user credentials. The updates, made available in version 2024 SU5, also fix eleven medium-severity vulnerabilities that were previously revealed in October 2025.

The security advisory highlights two primary vulnerabilities of significant concern. With a CVSS score of 8.6 (High), CVE-2026-1603 is an authentication bypass vulnerability that lets remote, unauthenticated attackers access certain stored credential information. Because it doesn't require user interaction and can be exploited over the network without authentication, this vulnerability, which is categorized under CWE-288, presents a significant risk.

The second vulnerability, CVE-2026-1602, is a SQL injection flaw with a CVSS score of 6.5 (Medium). This flaw allows remote, authenticated attackers to read any data from the database, possibly revealing private company data. The vulnerability affects data confidentiality; system availability and integrity are unaffected.

| CVE Number | Description | CVSS Score (Severity) | Affected Versions | Resolved Version |
|---|---|---|---|---|
| CVE-2026-1602 | SQL injection allowing remote authenticated attacker to read arbitrary database data | 6.5 (Medium) | 2024 SU4 SR1 and earlier | 2024 SU5 |
| CVE-2026-1603 | Authentication bypass allowing remote unauthenticated attacker to leak stored credential data | 8.6 (High) | 2024 SU4 SR1 and earlier | 2024 SU5 |

Organizations running Ivanti Endpoint Manager version 2024 SU4 SR1 and earlier are susceptible to these exploits.
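To turn the affected-version range above into a patch worklist, the following added example (not from Ivanti or the original article) sorts an inventory of EPM servers into affected, patched and unparsed. It assumes the inventory reports versions as labels in the form the advisory uses ("2024 SU4 SR1"); the host names and sample data are constructed.

```python
import re

# Version labels as the advisory writes them: "<year> SU<n> SR<m>", SU/SR optional.
# Assumption: the inventory export reports EPM versions in this label form.
_LABEL = re.compile(r"^\s*(\d{4})(?:\s+SU(\d+))?(?:\s+SR(\d+))?\s*$", re.IGNORECASE)

FIXED = (2024, 5, 0)  # 2024 SU5, the resolved version named in the advisory


def parse_label(label):
    """Return (year, su, sr) for a version label, or None if it does not parse."""
    m = _LABEL.match(label)
    if not m:
        return None
    year, su, sr = m.groups()
    return (int(year), int(su or 0), int(sr or 0))


def triage(inventory):
    """Split {host: label} into affected, patched and unparsed host lists."""
    result = {"affected": [], "patched": [], "unparsed": []}
    for host, label in sorted(inventory.items()):
        version = parse_label(label)
        if version is None:
            result["unparsed"].append(host)  # never assume safe: review by hand
        elif version < FIXED:
            # "2024 SU4 SR1 and earlier" is read literally: anything below SU5
            result["affected"].append(host)
        else:
            result["patched"].append(host)
    return result


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE = {
    "epm-core-01": "2024 SU5",
    "epm-core-02": "2024 SU4 SR1",
    "epm-core-03": "2022 SU8",
    "epm-lab-01": "2024 su3",
    "epm-dr-01": "11.0.6.1234",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts that land in the unparsed bucket report a version the label parser does not recognise and should be checked manually rather than treated as patched.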

For enterprise environments that manage numerous endpoints, the vulnerabilities are especially concerning because they impact the fundamental authentication and database query mechanisms. EPM 2024 SU5, the patched version, is now accessible via the Ivanti License System (ILS). To reduce possible risks, administrators are strongly encouraged to implement the update right away.

Since both vulnerabilities were disclosed through Ivanti's responsible disclosure program, the company has attested that no active exploitation was detected before the vulnerabilities were made public. Working with the Trend Zero Day Initiative, security researcher 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044 found the vulnerabilities. Ivanti has stressed its dedication to collaborating with the security community to preserve product integrity and openly recognized the researcher's role in identifying these security flaws.

These flaws highlight the continuous difficulties with enterprise software security, especially with regard to endpoint management programs that deal with sensitive organizational data and privileged access. The authentication bypass vulnerability is particularly worrisome: because it doesn't require any prior authentication, it could give attackers initial access to credential stores. As of right now, Ivanti reports no evidence of exploitation in the wild, and there are no known indicators of compromise linked to these vulnerabilities.

However, organizations are under more pressure to implement the available patches now that the technical details have been made public. Ivanti Endpoint Manager users should make updating to version 2024 SU5 a top priority and perform security audits to confirm that no unauthorized access took place before the patch was applied. Through its official disclosure channels, Ivanti still encourages security researchers to report vulnerabilities.
