Initiatieven voor
Als nationale autoriteit voor cyberveiligheid heeft het CCB verschillende initiatieven ontwikkeld voor specifieke doelgroepen die hier worden gepresenteerd.
Warning: Ivanti has released security updates to address vulnerabilities affecting several of its products, Patch Immediately!
Image
Gepubliceerd : 14/05/2026
- Last update: 13/05/2026
- Affected software:
→ Ivanti Endpoint Manager (EPM) 2024 SU5 and prior
→ Ivanti Secure Access Client (Windows) 22.8R5 and prior
→ Ivanti Xtraction 2026.1 and prior
→ Ivanti Virtual Traffic Manager (vTM) (vADC) 22.9r3 and prior- Type:
→ External Control file name
→ Privilege Escalation
→ Remote Code Execution (RCE)
→ SQL Injection- CVE/CVSS
→ CVE-2026-8111: CVSS 8.8 (CVSS:3.1 /AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2026-8110: CVSS 7.8 (CVSS:3.1 /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2026-8043: CVSS 9.6 (CVSS:3.1 /AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)
→ CVE-2026-8051: CVSS 7.2 (CVSS:3.1 /AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2026-7432: CVSS 7.8 (CVSS:3.1 /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Sources
IVANTI
• https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-May-2026
• https://hub.ivanti.com/s/article/Security-Advisory---Ivanti-Xtraction-CVE-2026-8043
• https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2026-8051
• https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Secure-Access-Client-CVE-2026-7431-CVE-2026-7432
Risks
CVE-2026-8111 is an SQL injection vulnerability affecting Ivanti Endpoint Manager (EPM). This vulnerability could allow an authenticated attacker to execute arbitrary code remotely, potentially compromising the confidentiality, integrity and availability of affected systems.
CVE-2026-8110 is an Incorrect Permission Assignment for Critical Resource in Ivanti Endpoint Manager (EPM). This vulnerability could allow a local authenticated attacker to escalate their privileges, potentially compromising the confidentiality, integrity and availability of affected systems.
CVE-2026-8043 is a critical vulnerability that involves external control of file names or paths in Ivanti Xtraction. Successful exploitation could allow an authenticated remote attacker to read sensitive files and write arbitrary HTML files to a web directory. This vulnerability is a serious threat to confidentiality and integrity.
CVE-2026-8051 affects Ivanti Virtual Traffic Manager. Exploitation of this vulnerability could enable a remote attacker with admin privileges to execute arbitrary OS commands on affected systems, resulting in complete compromise of the system’s confidentiality, integrity and availability.
CVE-2026-7432 is a vulnerability that could allow a locally authenticated attacker to exploit race condition in Ivanti Secure Access Client in order to achieve SYSTEM privileges, which could lead to full control over the affected system. This could increase the risk of unauthorised actions, such as the installation of malware, access to sensitive data or disruption of system operations.
At the time of disclosure, security researchers have not yet observed any exploitation of these vulnerabilities.
Description
Ivanti has released security updates to fix vulnerabilities that affect several of its products.
CVE-2026-8111 involves and SQL injection vulnerability in the web console component of Ivanti Endpoint Manager versions prior to 2024 SU6, with CVSS sore of 8.8. This vulnerability could allow a remote attacker to achieve remote code execution.
CVE-2026-8110 is an incorrect permission assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6, with a CVSS score of 7.8. An authenticated local attacker could leverage this misconfiguration to escalate their privileges and achieve full control over the affected systems.
CVE-2026-8043 addresses a critical severity vulnerability affecting Ivanti Xtraction before version 2026.2, with a CVSS score of 9.6. The vulnerability involves external control of a file name, which allows a remote authenticated attacker to read files and write arbitrary HTML files to a web directory. This results in information disclosure and may facilitate client-side attacks against users accessing the affected web content.
CVE-2026-8051 affects Ivanti Traffic Manager versions prior to 22.9r4; it addresses a high-severity vulnerability with a CVSS score of 7.2. This vulnerability could allow a remote attacker who has authenticated with admin privileges to perform OS command injection, resulting in remote code execution.
CVE-2026-7432 involves race condition in Ivanti Secure Access Client prior to version 22.8R6, which addresses a high severity vulnerability, with a CVSS score of 7.8. A race condition occurs when concurrent execution using shared resources is not properly synchronized, which in this case could allow a locally authenticated attacker to escalate privileges to SYSTEM level.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
References
NIST - https://nvd.nist.gov/vuln/detail/CVE-2026-8111
NIST - https://nvd.nist.gov/vuln/detail/CVE-2026-8110
NIST - https://nvd.nist.gov/vuln/detail/CVE-2026-8043
NIST - https://nvd.nist.gov/vuln/detail/CVE-2026-8051
NIST - https://nvd.nist.gov/vuln/detail/CVE-2026-7432