Skip to main content

Endpoint Manager CVE-2026-1602

MEDIUM
SQL Injection (CWE-89)
2026-02-10 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
SQLi Ivanti Endpoint Manager
6.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 10, 2026 - 16:16 nvd
MEDIUM 6.5

DescriptionNVD

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

AnalysisAI

Authenticated attackers can exploit SQL injection in Ivanti Endpoint Manager prior to version 2024 SU5 to extract sensitive data from the underlying database. This network-accessible vulnerability requires valid credentials but allows unauthorized information disclosure with no user interaction needed. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 30 days: Identify affected systems running Ivanti Endpoint Manager and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-8992 HIGH
8.8 May 22

Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run ar

Share

CVE-2026-1602 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy