Warning: Security update for Ivanti Endpoint Manager vulnerabilities, Patch Immediately!

Published: 11/02/2026
  • Last update: 11/02/2026
  • Affected software:
    → Ivanti Endpoint Manager (EPM) 2024 SU4 SR1 and prior.
  • Type: Authentication bypass and SQL Injection
  • CVE/CVSS
    → CVE-2026-1603: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
    → CVE-2026-1602: CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Sources

https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US

Risks

Ivanti released a security update to address two new vulnerabilities in the Endpoint Manager (EPM) solution, which is widely used to manage and secure enterprise devices. Because Ivanti EPM operates with high privileges across endpoints, any vulnerability in the platform is especially attractive to attackers seeking initial access or lateral movement within networks.

Successful exploitation of CVE-2026-1603 could allow a remote unauthenticated attacker to access specific stored credential data, while exploitation of CVE-2026-1602 would allow a remote authenticated attacker to read arbitrary data from the database.

Additionally, Ivanti’s update resolves 11 medium-severity vulnerabilities that were previously disclosed in October 2025.

Description

CVE-2026-1603, with a CVSS score of 8.6 (High), is an authentication bypass vulnerability that has a high confidentiality impact with changed scope, meaning the attack could potentially affect resources beyond the vulnerable component itself.

An unauthenticated attacker on the network can bypass authentication controls and access sensitive stored credential information without requiring any user interaction. This could lead to exposure of authentication credentials that could be used for further compromise of systems or accounts managed by the endpoint manager.

CVE-2026-1602, with a CVSS score of 6.5 (Medium), requires the attacker to already have valid user credentials for the system to read arbitrary data from the database. While less severe, the vulnerability poses a risk of data leakage from insider threats or compromised user accounts.

Recommended Actions

Patch
Ivanti recommends resolving these vulnerabilities by updating to Ivanti EPM 2024 SU5, available in ILS.

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends that organizations step up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US
https://nvd.nist.gov/vuln/detail/CVE-2026-1603
https://nvd.nist.gov/vuln/detail/CVE-2026-1602