Ivanti product CVE coverage from NVD — Connect Secure, EPM, Neurons, and remote-access security advisories.
Vendor watch hub
The Ivantiwatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Tracked
Active
Featured
Unique CVEs
Most recent entry
May 7, 2026, 11:16 AM
Feed refreshes daily · 5:15 a.m. Central
Sources·CISA KEV and NVD (product vendor coverage)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
20 rows · sorted newest first
Operations viewImproper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. Known ransomware use: Known.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. Known ransomware use: Known.
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.
Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.
Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.
Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
endpoint manager mobile vulnerability (CVE-2026-7821)Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity. endpoint manager mobile | CRITICALCVE-2026-7821 Elevated | watch | May 7, 2026, 11:16 AM | NVDOpen source |
endpoint manager mobile vulnerability (CVE-2026-6973)An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. endpoint manager mobile | HIGHCVE-2026-6973 Critical | active | May 7, 2026, 11:16 AM | CISA KEVOpen source |
endpoint manager mobile vulnerability (CVE-2026-5788)An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. endpoint manager mobile | CRITICALCVE-2026-5788 Elevated | watch | May 7, 2026, 11:16 AM | NVDOpen source |
endpoint manager mobile vulnerability (CVE-2026-5787)An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates. endpoint manager mobile | CRITICALCVE-2026-5787 Elevated | watch | May 7, 2026, 11:16 AM | NVDOpen source |
Ivanti Endpoint Manager (EPM) Authentication Bypass VulnerabilityIvanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data. Endpoint Manager (EPM) | criticalCVE-2026-1603 Critical | active | Mar 8, 2026, 7:00 PM | CISA KEVOpen source |
endpoint manager mobile vulnerability (CVE-2026-1340)A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. endpoint manager mobile | CRITICALCVE-2026-1340 Critical | active | Jan 29, 2026, 4:15 PM | CISA KEVOpen source |
Ivanti Endpoint Manager Mobile (EPMM) Code Injection VulnerabilityIvanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. Endpoint Manager Mobile (EPMM) | criticalCVE-2026-1281 Critical | active | Jan 28, 2026, 6:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass VulnerabilityIvanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library. Endpoint Manager Mobile (EPMM) | criticalCVE-2025-4427 Critical | active | May 18, 2025, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager Mobile (EPMM) Code Injection VulnerabilityIvanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036. Endpoint Manager Mobile (EPMM) | criticalCVE-2025-4428 Critical | active | May 18, 2025, 7:00 PM | CISA KEVOpen source |
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow VulnerabilityIvanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. Known ransomware use: Known. Connect Secure, Policy Secure, and ZTA Gateways | criticalCVE-2025-22457 Critical | active | Apr 3, 2025, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager (EPM) Absolute Path Traversal VulnerabilityIvanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. Endpoint Manager (EPM) | criticalCVE-2024-13161 Critical | active | Mar 9, 2025, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager (EPM) Absolute Path Traversal VulnerabilityIvanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. Endpoint Manager (EPM) | criticalCVE-2024-13159 Critical | active | Mar 9, 2025, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager (EPM) Absolute Path Traversal VulnerabilityIvanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. Endpoint Manager (EPM) | criticalCVE-2024-13160 Critical | active | Mar 9, 2025, 7:00 PM | CISA KEVOpen source |
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow VulnerabilityIvanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. Known ransomware use: Known. Connect Secure, Policy Secure, and ZTA Gateways | criticalCVE-2025-0282 Critical | active | Jan 7, 2025, 6:00 PM | CISA KEVOpen source |
Ivanti Cloud Services Appliance (CSA) OS Command Injection VulnerabilityIvanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS. Cloud Services Appliance (CSA) | criticalCVE-2024-9380 Critical | active | Oct 8, 2024, 7:00 PM | CISA KEVOpen source |
Ivanti Cloud Services Appliance (CSA) SQL Injection VulnerabilityIvanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements. Cloud Services Appliance (CSA) | criticalCVE-2024-9379 Critical | active | Oct 8, 2024, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager (EPM) SQL Injection VulnerabilityIvanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code. Endpoint Manager (EPM) | criticalCVE-2024-29824 Critical | active | Oct 1, 2024, 7:00 PM | CISA KEVOpen source |
Ivanti Virtual Traffic Manager Authentication Bypass VulnerabilityIvanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account. Virtual Traffic Manager | criticalCVE-2024-7593 Critical | active | Sep 23, 2024, 7:00 PM | CISA KEVOpen source |
Ivanti Cloud Services Appliance (CSA) Path Traversal VulnerabilityIvanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance. Cloud Services Appliance (CSA) | criticalCVE-2024-8963 Critical | active | Sep 18, 2024, 7:00 PM | CISA KEVOpen source |
Ivanti Cloud Services Appliance OS Command Injection VulnerabilityIvanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS. Cloud Services Appliance | criticalCVE-2024-8190 Critical | active | Sep 12, 2024, 7:00 PM | CISA KEVOpen source |
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the cybersecurity services pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the Ivanti-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current Ivanti issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map Ivanti advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.