Vulnerability detail

Enriched intelligence for a single CVE

8.6

CVSS
High

CVE-2026-1603

PUBLISHED

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored...

1 day faster than CISA KEV

Exploited in the wild Remote Low complexity No user interaction

Vendor: Ivanti
Product: Endpoint Manager
Published: Feb 10, 2026
EPSS: 58.9% · 98% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

cisa nuclei_scanner edge

Weaknesses (CWE)

CWE-288

Authentication Bypass Using an Alternate Path or Channel
CWE-306

Missing Authentication for Critical Function

CVSS scores

CVSS v3.1 8.6 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2026-06-01 12:09:49 UTC · CVE

References

https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CVE First	2026-06-01 12:09 UTC
The Shadowserver (via CIRCL)	2026-06-02 00:00 UTC
CISA	2026-06-02 14:02 UTC

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-1603.yaml	Jun 01, 2026

Timeline

CVE ID Reserved

2026-01-29 09:18 UTC
CVE Published to Public

2026-02-10 15:09 UTC
Added to KEVIntel

2026-06-01 12:09 UTC
Detected by Nuclei

2026-06-01 15:34 UTC
KEV confirmed by The Shadowserver (via CIRCL)

2026-06-02 00:00 UTC
KEV confirmed by CISA

2026-06-02 14:02 UTC