Ivanti threat watch

Ivanti product CVE coverage from NVD — Connect Secure, EPM, Neurons, and remote-access security advisories.

Watch items

Recent Ivanti watch items

Showing the 20 most recent items, newest first. Each row links to the official advisory.

20 rows · sorted newest first

Operations view

Ivanti Sentry OS Command Injection Vulnerability

critical
activeCISA KEVCVE-2026-10520

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.

Jun 10, 2026, 7:00 PMOfficial source

standalone sentry vulnerability (CVE-2026-10523)

CRITICAL
watchNVDCVE-2026-10523

An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access

Jun 9, 2026, 11:16 AMOfficial source

secure access client vulnerability (CVE-2026-7432)

HIGH
watchNVDCVE-2026-7432

A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM

May 12, 2026, 10:16 AMOfficial source

endpoint manager mobile vulnerability (CVE-2026-7821)

CRITICAL
watchNVDCVE-2026-7821

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.

May 7, 2026, 11:16 AMOfficial source

endpoint manager mobile vulnerability (CVE-2026-6973)

HIGH
activeCISA KEVCVE-2026-6973

An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.

May 7, 2026, 11:16 AMOfficial source

endpoint manager mobile vulnerability (CVE-2026-5788)

CRITICAL
watchNVDCVE-2026-5788

An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.

May 7, 2026, 11:16 AMOfficial source

endpoint manager mobile vulnerability (CVE-2026-5787)

CRITICAL
watchNVDCVE-2026-5787

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

May 7, 2026, 11:16 AMOfficial source

endpoint manager vulnerability (CVE-2026-1603)

HIGH
activeCISA KEVCVE-2026-1603

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

Feb 10, 2026, 10:16 AMOfficial source

endpoint manager mobile vulnerability (CVE-2026-1340)

CRITICAL
activeCISA KEVCVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Jan 29, 2026, 4:15 PMOfficial source

endpoint manager mobile vulnerability (CVE-2026-1281)

CRITICAL
activeCISA KEVCVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Jan 29, 2026, 4:15 PMOfficial source

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

critical
activeCISA KEVCVE-2025-4428

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036.

May 18, 2025, 7:00 PMOfficial source

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

critical
activeCISA KEVCVE-2025-4427

Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.

May 18, 2025, 7:00 PMOfficial source

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

critical
activeCISA KEVCVE-2025-22457

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. Known ransomware use: Known.

Apr 3, 2025, 7:00 PMOfficial source

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

critical
activeCISA KEVCVE-2024-13160

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

Mar 9, 2025, 7:00 PMOfficial source

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

critical
activeCISA KEVCVE-2024-13161

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

Mar 9, 2025, 7:00 PMOfficial source

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

critical
activeCISA KEVCVE-2024-13159

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

Mar 9, 2025, 7:00 PMOfficial source

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

critical
activeCISA KEVCVE-2025-0282

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. Known ransomware use: Known.

Jan 7, 2025, 6:00 PMOfficial source

Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability

critical
activeCISA KEVCVE-2024-9379

Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.

Oct 8, 2024, 7:00 PMOfficial source

Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability

critical
activeCISA KEVCVE-2024-9380

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

Oct 8, 2024, 7:00 PMOfficial source

Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

critical
activeCISA KEVCVE-2024-29824

Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.

Oct 1, 2024, 7:00 PMOfficial source

Vendor watch hub

What this page covers

The Ivantiwatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.

  • Confirm whether recent Ivanti activity overlaps with your environment.
  • Prioritize advisories by MSP-relevance score, severity, and status.
  • Turn the signal into an assessment, briefing, or managed-service engagement with ITECS.

At a glance

Tracked

46

Active

35

Featured

41

Unique CVEs

20

Most recent entry

Jun 10, 2026, 7:00 PM

Feed refreshes daily · 5:15 a.m. Central

Sources·CISA KEV and NVD (product vendor coverage)

"Most recent entry" is the newest item the upstream feed has published — not our sync time.

Related vendors

Other security vendors in the radar

Vendor watch FAQ

Common questions

What is the Ivanti threat watch page?

It is the Ivanti-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.

How should teams use the Ivanti watch page?

Use it to confirm whether current Ivanti issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.

Can ITECS help respond to Ivanti security issues?

Yes. ITECS can help map Ivanti advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.