Showing the 20 most recent items, newest first. Each row links to the official advisory.
20 rows · sorted newest first
Operations view
Ivanti Sentry OS Command Injection Vulnerability
critical
activeCISA KEVCVE-2026-10520
Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access
endpoint manager mobile vulnerability (CVE-2026-7821)
CRITICAL
watchNVDCVE-2026-7821
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.
endpoint manager mobile vulnerability (CVE-2026-6973)
HIGH
activeCISA KEVCVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
endpoint manager mobile vulnerability (CVE-2026-5788)
CRITICAL
watchNVDCVE-2026-5788
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
endpoint manager mobile vulnerability (CVE-2026-5787)
CRITICAL
watchNVDCVE-2026-5787
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
critical
activeCISA KEVCVE-2025-4428
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036.
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
critical
activeCISA KEVCVE-2025-4427
Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. Known ransomware use: Known.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. Known ransomware use: Known.
Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
critical
activeCISA KEVCVE-2024-9380
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.
Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.
Sentry
criticalCVE-2026-10520
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 98.9% EPSS.
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access
standalone sentry
CRITICALCVE-2026-10523
Elevated
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 47.2% EPSS.
endpoint manager mobile vulnerability (CVE-2026-7821)
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.
endpoint manager mobile
CRITICALCVE-2026-7821
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 0.5% EPSS.
endpoint manager mobile vulnerability (CVE-2026-6973)
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
endpoint manager mobile
HIGHCVE-2026-6973
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 34.5% EPSS.
endpoint manager mobile vulnerability (CVE-2026-5788)
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
endpoint manager mobile
CRITICALCVE-2026-5788
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 0.8% EPSS.
endpoint manager mobile vulnerability (CVE-2026-5787)
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
endpoint manager mobile
CRITICALCVE-2026-5787
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 0.7% EPSS.
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
endpoint manager
HIGHCVE-2026-1603
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 81.1% EPSS.
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036.
Endpoint Manager Mobile (EPMM)
criticalCVE-2025-4428
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 87.5% EPSS.
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.
Endpoint Manager Mobile (EPMM)
criticalCVE-2025-4427
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 99.6% EPSS.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. Known ransomware use: Known.
Connect Secure, Policy Secure, and ZTA Gateways
criticalCVE-2025-22457
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 100.0% EPSS.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Endpoint Manager (EPM)
criticalCVE-2024-13160
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 89.7% EPSS.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Endpoint Manager (EPM)
criticalCVE-2024-13161
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 88.5% EPSS.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Endpoint Manager (EPM)
criticalCVE-2024-13159
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 99.8% EPSS.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. Known ransomware use: Known.
Connect Secure, Policy Secure, and ZTA Gateways
criticalCVE-2025-0282
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 100.0% EPSS.
Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.
Cloud Services Appliance (CSA)
criticalCVE-2024-9379
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 43.6% EPSS.
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Cloud Services Appliance (CSA)
criticalCVE-2024-9380
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 63.0% EPSS.
Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.
Endpoint Manager (EPM)
criticalCVE-2024-29824
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 100.0% EPSS.
The Ivantiwatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
Confirm whether recent Ivanti activity overlaps with your environment.
Prioritize advisories by MSP-relevance score, severity, and status.
Turn the signal into an assessment, briefing, or managed-service engagement with ITECS.
At a glance
Tracked
46
Active
35
Featured
41
Unique CVEs
20
Most recent entry
Jun 10, 2026, 7:00 PM
Feed refreshes daily · 5:15 a.m. Central
Sources·CISA KEV and NVD (product vendor coverage)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
It is the Ivanti-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
How should teams use the Ivanti watch page?
Use it to confirm whether current Ivanti issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Can ITECS help respond to Ivanti security issues?
Yes. ITECS can help map Ivanti advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.