Skip to main content

Ivanti Secure Access Client CVE-2026-7431

| EUVDEUVD-2026-29485 MEDIUM
Incorrect Permission Assignment for Critical Resource (CWE-732)
2026-05-12 ivanti GHSA-392j-3m8m-x4c8
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 12, 2026 - 15:32 vuln.today
CVE Published
May 12, 2026 - 14:18 nvd
MEDIUM 4.4

DescriptionCVE.org

An incorrect permission assignment for critical resource of Ivanti Secure Access Client   before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.

AnalysisAI

Ivanti Secure Access Client before version 22.8R6 allows local authenticated users to read or modify sensitive log data through write access to a shared memory section due to incorrect permission assignments on a critical resource. With a CVSS score of 4.4 and a local attack vector requiring authentication, this vulnerability poses a moderate risk to users whose systems are accessed by multiple authenticated accounts. No active exploitation has been publicly confirmed, but the simplicity of the attack (local, low complexity) makes this a practical concern for multi-user systems.

Technical ContextAI

This vulnerability stems from a CWE-732 (Incorrect Permission Assignment for Critical Resource) flaw in Ivanti Secure Access Client. The underlying issue involves inadequate access controls on a shared memory section used for log data storage. Shared memory is a Unix/Linux inter-process communication (IPC) mechanism that allows processes to access common memory regions; when permissions are misconfigured, unintended processes or users can gain read or write access. The affected product uses shared memory for logging functionality, but the permission bits (rwx flags) were not properly restricted to prevent local authenticated users from accessing or modifying this critical resource. This is a privilege escalation or lateral-movement vector within the same system, as it allows lower-privileged authenticated users to tamper with logging data that should be protected.

RemediationAI

Upgrade Ivanti Secure Access Client to version 22.8R6 or later to remediate this vulnerability. This patched version corrects the shared memory permission assignment, restricting write access to authorized processes only. Organizations should prioritize this patch on multi-user systems, shared workstations, or environments where privilege escalation or lateral movement is a concern. If immediate patching is not feasible, consider restricting login access to the affected system to a single authenticated user per session, or isolating the Secure Access Client to a dedicated account with minimal privilege that cannot be accessed by other local users. These workarounds reduce the attack surface but do not eliminate the underlying flaw and should be viewed as temporary measures. See the vendor advisory for any additional mitigations or deployment guidance.

More in Ivanti

View all
CVE-2024-7593 CRITICAL POC
9.8 Aug 13

Authentication bypass in Ivanti Virtual Traffic Manager (vTM) admin panel allows remote unauthenticated attackers to gai

CVE-2024-13159 CRITICAL POC
9.8 Jan 14

Ivanti Endpoint Manager contains an absolute path traversal vulnerability allowing unauthenticated remote attackers to l

CVE-2024-13160 CRITICAL POC
9.8 Jan 14

Ivanti Endpoint Manager contains a second absolute path traversal vulnerability for unauthenticated information disclosu

CVE-2024-13161 CRITICAL POC
9.8 Jan 14

Ivanti Endpoint Manager contains a third absolute path traversal vulnerability for unauthenticated information disclosur

CVE-2025-0282 CRITICAL POC
9.0 Jan 08

Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated

CVE-2025-4427 MEDIUM POC
5.3 May 13

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to a

CVE-2026-1281 CRITICAL POC
9.8 Jan 29

Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that al

CVE-2026-1340 CRITICAL POC
9.8 Jan 29

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to a

CVE-2025-22457 CRITICAL POC
9.0 Apr 03

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated re

CVE-2025-4428 HIGH POC
7.2 May 13

Ivanti Endpoint Manager Mobile (EPMM) contains an authenticated code injection in the API component, allowing authentica

CVE-2026-1603 HIGH POC
8.6 Feb 10

Ivanti Endpoint Manager before 2024 SU5 contains an authentication bypass (CVE-2026-1603, CVSS 8.6) that allows unauthen

CVE-2026-10520 CRITICAL POC
10.0 Jun 09

Remote code execution in Ivanti Sentry before R10.5.2, R10.6.2, and R10.7.1 allows unauthenticated remote attackers to a

Share

CVE-2026-7431 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy