COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-1603

CVE-2026-1603

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-03-09
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-1603
⌖ exploited in the wild shame 85/100 exploited-in-wildauth-bypassdata-breachunpatched

Ivanti Endpoint Manager allows remote unauthenticated attackers to bypass authentication and leak stored credentials via an alternate path.

This authentication bypass vulnerability enables remote attackers to access sensitive credential data without authentication, posing a severe risk to DIB organizations relying on Ivanti EPM for endpoint management. The exploitability of an unauthenticated path to leak credentials directly impacts compliance with FedRAMP and NIST 800-171 requirements for access control and data confidentiality. DIB orgs must immediately patch affected systems and audit all credential stores for potential exposure.

Shame score — An unauthenticated authentication bypass allowing credential leakage is a critical security failure that undermines trust in endpoint management solutions.

Players implicated

Ivanti · vendor Endpoint Manager (EPM) · product

Description

Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.

Affected FedRAMP products 2 in the catalog

ProductProviderStatusMatch
Ivanti Neurons for ITSM (Formerly Service Manager) Ivanti Authorized vendor-exact · 0.90
Ivanti Neurons for MDM (Formerly MobileIron) Ivanti Authorized vendor-exact · 0.90