CVE-2026-4913
Received Received - Intake
Improper Access Control in Ivanti N-ITSM Allows Persistent Access

Publication date: 2026-04-14

Last updated on: 2026-04-14

Assigner: ivanti

Description
Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-14
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-04-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4913
EUVD
EUVD-2026-22278
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ivanti n-itsm to 2025.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-424 The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Ivanti N-ITSM versions before 2025.4. It involves improper protection of an alternate access path, which allows a remote authenticated attacker to maintain access to the system even after their user account has been disabled.

Impact Analysis

The vulnerability can allow an attacker who has already authenticated to continue accessing the system despite their account being disabled. This means that disabling a compromised account may not be sufficient to prevent unauthorized access, potentially leading to unauthorized data exposure or misuse.

Compliance Impact

This vulnerability allows a remote authenticated attacker to retain access even after their account has been disabled, which could lead to unauthorized access to sensitive data.

Such unauthorized access may violate compliance requirements in standards and regulations like GDPR and HIPAA, which mandate strict access controls and timely revocation of access rights to protect personal and health information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4913. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart