CVE-2026-4913
Received Received - Intake

Improper Access Control in Ivanti N-ITSM Allows Persistent Access

Vulnerability report for CVE-2026-4913, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-14

Last updated on: 2026-04-14

Assigner: ivanti

Description

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-14
Last Modified
2026-04-14
Generated
2026-07-06
AI Q&A
2026-04-14
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ivanti n-itsm to 2025.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-424 The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Ivanti N-ITSM versions before 2025.4. It involves improper protection of an alternate access path, which allows a remote authenticated attacker to maintain access to the system even after their user account has been disabled.

Impact Analysis

The vulnerability can allow an attacker who has already authenticated to continue accessing the system despite their account being disabled. This means that disabling a compromised account may not be sufficient to prevent unauthorized access, potentially leading to unauthorized data exposure or misuse.

Compliance Impact

This vulnerability allows a remote authenticated attacker to retain access even after their account has been disabled, which could lead to unauthorized access to sensitive data.

Such unauthorized access may violate compliance requirements in standards and regulations like GDPR and HIPAA, which mandate strict access controls and timely revocation of access rights to protect personal and health information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4913. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart