CVE-2026-1603

Published Feb 10, 2026

Last updated 3 months ago

Exploit knownCVSS high 8.6
web application
Zero-day
Server
Ivanti Endpoint Manager

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-1603 is an authentication bypass vulnerability found in Ivanti Endpoint Manager (EPM) that allows a remote, unauthenticated attacker to extract specific stored credential data. This flaw arises from improper authentication mechanisms within the software, specifically through an alternate path or channel that fails to adequately enforce authentication requirements. Attackers can exploit this vulnerability to bypass standard authentication controls and gain unauthorized access to sensitive credential information stored within the Ivanti Endpoint Manager system. The vulnerability affects Ivanti Endpoint Manager versions prior to 2024 SU5.

Description
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Analyzed
Products
endpoint_manager

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Exploit added on
Mar 9, 2026
Exploit action due
Mar 23, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-288
nvd@nist.gov
CWE-306

Social media

Hype score
Not currently trending

  1. #CISA confirms active exploitation of Ivanti EPM #CVE-2026-1603, an auth bypass allowing credential leak. Patch Ivanti EPM versions prior to 2024 SU5 immediately. #threatintel #mssp #cybersecurity

    @bettermssp

    23 Mar 2026

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CISA warns that patched flaws in Ivanti EPM and Cisco SD-WAN are being actively exploited. Ivanti (CVE-2026-1603): Credential leaks. Cisco (CVE-2026-20127): Auth bypass (exploited since 2023) If you run these, check your patch levels and logs immediately. https://t.co/XFLnC17pPG

    @GetTCT

    16 Mar 2026

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CISA adds 3 x exploited vulns to KEV catalog. Info, incl. fix info, at SecAlerts: CVE-2025-26399: https://t.co/oLzBFWDokL CVE-2026-1603: https://t.co/5Duu3lhHy6 CVE-2021-22054: https://t.co/30hzGgqfQl #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #secalerts #CISA

    @SecAlertsCo

    11 Mar 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CISA accelerates patch deadlines for critical vulnerabilities in SolarWinds Web Help Desk (CVE-2025-26399) and Ivanti (CVE-2026-1603) amid active exploitation and nation-state targeting. #SolarWinds #Ivanti #USA https://t.co/GTfky7muTF

    @TweetThreatNews

    11 Mar 2026

    187 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CISA added CVE-2021-22054, CVE-2025-26399, and CVE-2026-1603 to its Known Exploited Vulnerabilities list due to active attacks. Issues affect SolarWinds Web Help Desk, Ivanti, and Workspace One with federal patch deadlines in 2026. #SolarWinds #Ivanti https://t.co/eX4J3pZZVE

    @TweetThreatNews

    10 Mar 2026

    180 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CISA adds Ivanti Endpoint Manager, SolarWinds Web Help Desk, VMware Workspace ONE flaws (CVE-2025-26399, CVE-2026-1603, CVE-2021-22054) to KEV list amid active exploitation. Patch now. https://t.co/JBOxjkPaQF

    @threatcluster

    10 Mar 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログに3件の脆弱性が追加。Omnissa Workspace ONEのCVE-2021-22054、SolarWinds Web Help DeskのCVE-2025-26399、Ivanti Endpoint Manager (EPM)のCVE-2026-160

    @__kokumoto

    9 Mar 2026

    4254 Impressions

    1 Retweet

    4 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  8. 🛡️ We added Omnissa Workspace ONE UEM vulnerability CVE-2021-22054, SolarWinds Web Help Desk vulnerability CVE-2025-26399, & Ivanti Endpoint Manager vulnerability CVE-2026-1603 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSe

    @CISACyber

    9 Mar 2026

    4890 Impressions

    9 Retweets

    37 Likes

    1 Bookmark

    1 Reply

    0 Quotes

Configurations

Related CVEs

  1. A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.CVE-2026-34910
  2. A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.CVE-2026-34909
  3. A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.CVE-2026-34911
  4. A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.CVE-2026-34908
  5. A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.CVE-2026-33000

References

Sources include official advisories and independent security research.