CVE-2026-1603
Analyzed
Analyzed - Analysis Complete
Authentication Bypass in Ivanti Endpoint Manager Exposes Credentials
Publication date: 2026-02-10
Last updated on: 2026-03-10
Assigner: ivanti
Description
Description
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ivanti | endpoint_manager | 2024 |
| ivanti | endpoint_manager | 2024 |
| ivanti | endpoint_manager | 2024 |
| ivanti | endpoint_manager | to 2024 (exc) |
| ivanti | endpoint_manager | 2024 |
| ivanti | endpoint_manager | 2024 |
| ivanti | endpoint_manager | 2024 |
| ivanti | endpoint_manager | 2024 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
