CVE-2026-1603
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
YesDecision
Descriptions
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the AuthHelper class. The issue results from using an alternative, weak authentication path. An attacker can leverage this vulnerability to bypass authentication on the system.
Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2026-01-29 CVE Reserved
- 2026-02-10 CVE Published
- 2026-03-09 Exploited in Wild
- 2026-03-10 CVE Updated
- 2026-03-23 KEV Due Date
- 2026-04-28 EPSS Updated
- ---------- First Exploit
CWE
- CWE-288: Authentication Bypass Using an Alternate Path or Channel
CAPEC
- CAPEC-115: Authentication Bypass
References (1)
| URL | Tag | Source |
|---|---|---|
| https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ivanti Search vendor "Ivanti" | Endpoint Manager Search vendor "Ivanti" for product "Endpoint Manager" | * | - |
Affected
| ||||||