secure access client vulnerability (CVE-2026-7432)
HIGH: A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM

Ivanti product CVE coverage from NVD — Connect Secure, EPM, Neurons, and remote-access security advisories.
Vendor watch hub
The Ivanti watch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Most recent entry: May 12, 2026, 10:16 AM
Feed refreshes daily · 5:15 a.m. Central
Sources: CISA KEV and NVD (product vendor coverage)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
| **secure access client vulnerability (CVE-2026-7432)**: A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM. Product: secure access client | HIGH · CVE-2026-7432 · Watch | watch | May 12, 2026, 10:16 AM | NVD |
| **endpoint manager mobile vulnerability (CVE-2026-7821)**: Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity. Product: endpoint manager mobile | CRITICAL · CVE-2026-7821 · Watch | watch | May 7, 2026, 11:16 AM | NVD |
| **endpoint manager mobile vulnerability (CVE-2026-6973)**: An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. Product: endpoint manager mobile | HIGH · CVE-2026-6973 · Critical | active | May 7, 2026, 11:16 AM | CISA KEV |
| **endpoint manager mobile vulnerability (CVE-2026-5788)**: An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. Product: endpoint manager mobile | CRITICAL · CVE-2026-5788 · Watch | watch | May 7, 2026, 11:16 AM | NVD |
| **endpoint manager mobile vulnerability (CVE-2026-5787)**: An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates. Product: endpoint manager mobile | CRITICAL · CVE-2026-5787 · Watch | watch | May 7, 2026, 11:16 AM | NVD |
| **Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability**: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. Product: Endpoint Manager Mobile (EPMM) | critical · CVE-2026-1340 · Critical | active | Apr 7, 2026, 7:00 PM | CISA KEV |
| **Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability**: Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data. Product: Endpoint Manager (EPM) | critical · CVE-2026-1603 · Critical | active | Mar 8, 2026, 7:00 PM | CISA KEV |
| **Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability**: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. Product: Endpoint Manager Mobile (EPMM) | critical · CVE-2026-1281 · Critical | active | Jan 28, 2026, 6:00 PM | CISA KEV |
| **Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability**: Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library. Product: Endpoint Manager Mobile (EPMM) | critical · CVE-2025-4427 · Critical | active | May 18, 2025, 7:00 PM | CISA KEV |
| **Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability**: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036. Product: Endpoint Manager Mobile (EPMM) | critical · CVE-2025-4428 · Critical | active | May 18, 2025, 7:00 PM | CISA KEV |
| **Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability**: Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. Known ransomware use: Known. Product: Connect Secure, Policy Secure, and ZTA Gateways | critical · CVE-2025-22457 · Critical | active | Apr 3, 2025, 7:00 PM | CISA KEV |
| **Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability**: Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. Product: Endpoint Manager (EPM) | critical · CVE-2024-13161 · Critical | active | Mar 9, 2025, 7:00 PM | CISA KEV |
| **Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability**: Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. Product: Endpoint Manager (EPM) | critical · CVE-2024-13160 · Critical | active | Mar 9, 2025, 7:00 PM | CISA KEV |
| **Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability**: Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. Product: Endpoint Manager (EPM) | critical · CVE-2024-13159 · Critical | active | Mar 9, 2025, 7:00 PM | CISA KEV |
| **Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability**: Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. Known ransomware use: Known. Product: Connect Secure, Policy Secure, and ZTA Gateways | critical · CVE-2025-0282 · Critical | active | Jan 7, 2025, 6:00 PM | CISA KEV |
| **Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability**: Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements. Product: Cloud Services Appliance (CSA) | critical · CVE-2024-9379 · Critical | active | Oct 8, 2024, 7:00 PM | CISA KEV |
| **Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability**: Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS. Product: Cloud Services Appliance (CSA) | critical · CVE-2024-9380 · Critical | active | Oct 8, 2024, 7:00 PM | CISA KEV |
| **Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability**: Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code. Product: Endpoint Manager (EPM) | critical · CVE-2024-29824 · Critical | active | Oct 1, 2024, 7:00 PM | CISA KEV |
| **Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability**: Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance. Product: Cloud Services Appliance (CSA) | critical · CVE-2024-8963 · Critical | active | Sep 18, 2024, 7:00 PM | CISA KEV |
| **Ivanti Cloud Services Appliance OS Command Injection Vulnerability**: Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS. Product: Cloud Services Appliance | critical · CVE-2024-8190 · Critical | active | Sep 12, 2024, 7:00 PM | CISA KEV |
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the cybersecurity services pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the Ivanti-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current Ivanti issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map Ivanti advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.