Exploitation of Ivanti Endpoint Manager Vulnerability
Summary
Authentication bypass vulnerability CVE-2026-1603 could allow an unauthenticated, remote attacker to leak specific stored credential data
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation of CVE-2026-1603
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-1603 to their Known Exploited Vulnerabilities (KEV) Catalog.
The NHS England National CSOC assesses further exploitation as highly likely.
Introduction
In February 2026, Ivanti released a security update to address a high-severity vulnerability, CVE-2026-1603, in Ivanti Endpoint Manager (EPM). CISA is now reporting that CVE-2026-1603 has been exploited and has added this vulnerability to their Known Exploited Vulnerabilities (KEV) Catalog.
- CVE-2026-1603 - Authentication bypass vulnerability - CVSSv3 score: 8.6
Remediation advice
Affected organisations are encouraged to review Ivanti's Security Advisory EPM February 2026 for EPM 2024 and apply the relevant update.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 11 March 2026 1:16 pm