CVE-2026-1603

Published Feb 10, 2026

Last updated 2 months ago

Exploit knownCVSS high 8.6
web application
Zero-day
Server
Ivanti Endpoint Manager

Overview

Description
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Analyzed
Products
endpoint_manager

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Exploit added on
Mar 9, 2026
Exploit action due
Mar 23, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-288
nvd@nist.gov
CWE-306

Social media

Hype score
Not currently trending

  1. #CISA confirms active exploitation of Ivanti EPM #CVE-2026-1603, an auth bypass allowing credential leak. Patch Ivanti EPM versions prior to 2024 SU5 immediately. #threatintel #mssp #cybersecurity

    @bettermssp

    23 Mar 2026

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CISA warns that patched flaws in Ivanti EPM and Cisco SD-WAN are being actively exploited. Ivanti (CVE-2026-1603): Credential leaks. Cisco (CVE-2026-20127): Auth bypass (exploited since 2023) If you run these, check your patch levels and logs immediately. https://t.co/XFLnC17pPG

    @GetTCT

    16 Mar 2026

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CISA adds 3 x exploited vulns to KEV catalog. Info, incl. fix info, at SecAlerts: CVE-2025-26399: https://t.co/oLzBFWDokL CVE-2026-1603: https://t.co/5Duu3lhHy6 CVE-2021-22054: https://t.co/30hzGgqfQl #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #secalerts #CISA

    @SecAlertsCo

    11 Mar 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CISA accelerates patch deadlines for critical vulnerabilities in SolarWinds Web Help Desk (CVE-2025-26399) and Ivanti (CVE-2026-1603) amid active exploitation and nation-state targeting. #SolarWinds #Ivanti #USA https://t.co/GTfky7muTF

    @TweetThreatNews

    11 Mar 2026

    187 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CISA added CVE-2021-22054, CVE-2025-26399, and CVE-2026-1603 to its Known Exploited Vulnerabilities list due to active attacks. Issues affect SolarWinds Web Help Desk, Ivanti, and Workspace One with federal patch deadlines in 2026. #SolarWinds #Ivanti https://t.co/eX4J3pZZVE

    @TweetThreatNews

    10 Mar 2026

    180 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CISA adds Ivanti Endpoint Manager, SolarWinds Web Help Desk, VMware Workspace ONE flaws (CVE-2025-26399, CVE-2026-1603, CVE-2021-22054) to KEV list amid active exploitation. Patch now. https://t.co/JBOxjkPaQF

    @threatcluster

    10 Mar 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログに3件の脆弱性が追加。Omnissa Workspace ONEのCVE-2021-22054、SolarWinds Web Help DeskのCVE-2025-26399、Ivanti Endpoint Manager (EPM)のCVE-2026-160

    @__kokumoto

    9 Mar 2026

    4254 Impressions

    1 Retweet

    4 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  8. 🛡️ We added Omnissa Workspace ONE UEM vulnerability CVE-2021-22054, SolarWinds Web Help Desk vulnerability CVE-2025-26399, & Ivanti Endpoint Manager vulnerability CVE-2026-1603 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSe

    @CISACyber

    9 Mar 2026

    4890 Impressions

    9 Retweets

    37 Likes

    1 Bookmark

    1 Reply

    0 Quotes

Configurations

Related CVEs

  1. Microsoft SharePoint Server Improper Input Validation VulnerabilityCVE-2026-32201
  2. Adobe Acrobat and Reader Prototype Pollution VulnerabilityCVE-2026-34621
  3. Apache ActiveMQ Improper Input Validation VulnerabilityCVE-2026-34197
  4. Google Dawn Use-After-Free VulnerabilityCVE-2026-5281
  5. The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution.CVE-2026-3775

References

Sources include official advisories and independent security research.