Skip to main content

Ivanti Endpoint Manager CVE-2026-8109

| EUVDEUVD-2026-29489 MEDIUM
Exposed Dangerous Method or Function (CWE-749)
2026-05-12 ivanti GHSA-5fg5-92p6-87xv
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 12, 2026 - 15:32 vuln.today
CVE Published
May 12, 2026 - 14:29 nvd
MEDIUM 6.5

DescriptionCVE.org

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.

AnalysisAI

Remote authenticated attackers can exploit an exposed dangerous method on the Core Server of Ivanti Endpoint Manager versions before 2024 SU6 to leak access credentials. The vulnerability requires valid authentication credentials to exploit and does not allow code execution or system modification, but compromises confidentiality by exposing sensitive authentication material that could facilitate lateral movement or account takeover.

Technical ContextAI

Ivanti Endpoint Manager's Core Server exposes a method that is not properly restricted or secured, falling under CWE-749 (Exposed Dangerous Method or Function). This represents an API or internal function design flaw where privileged operations or sensitive data access are inadequately protected from authenticated users. The vulnerability affects the Ivanti Endpoint Manager product line, a widely-deployed enterprise endpoint management and security solution. The exposed method likely handles credential storage, retrieval, or management operations, allowing authenticated users to bypass normal access controls and retrieve credentials that should remain protected.

RemediationAI

Immediately upgrade Ivanti Endpoint Manager to version 2024 SU6 or later per the vendor security advisory at https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-May-2026?language=en_US. If upgrade cannot be immediately deployed, restrict network access to the Ivanti Endpoint Manager Core Server to trusted administrative networks and subnets only; implement firewall rules limiting access to the Core Server port to authorized administrative staff. Additionally, audit and enforce principle of least privilege for user accounts with access to Endpoint Manager administration functions, and monitor audit logs for unusual credential retrieval or API method calls. Disable or restrict the dangerous exposed method via application configuration if supported by your Endpoint Manager version; consult vendor documentation for method-specific hardening options. These compensating controls reduce but do not eliminate risk - patching remains the primary remediation.

More in Ivanti

View all
CVE-2024-7593 CRITICAL POC
9.8 Aug 13

Authentication bypass in Ivanti Virtual Traffic Manager (vTM) admin panel allows remote unauthenticated attackers to gai

CVE-2024-13159 CRITICAL POC
9.8 Jan 14

Ivanti Endpoint Manager contains an absolute path traversal vulnerability allowing unauthenticated remote attackers to l

CVE-2024-13160 CRITICAL POC
9.8 Jan 14

Ivanti Endpoint Manager contains a second absolute path traversal vulnerability for unauthenticated information disclosu

CVE-2024-13161 CRITICAL POC
9.8 Jan 14

Ivanti Endpoint Manager contains a third absolute path traversal vulnerability for unauthenticated information disclosur

CVE-2025-0282 CRITICAL POC
9.0 Jan 08

Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated

CVE-2025-4427 MEDIUM POC
5.3 May 13

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to a

CVE-2026-1281 CRITICAL POC
9.8 Jan 29

Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that al

CVE-2026-1340 CRITICAL POC
9.8 Jan 29

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to a

CVE-2025-22457 CRITICAL POC
9.0 Apr 03

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated re

CVE-2025-4428 HIGH POC
7.2 May 13

Ivanti Endpoint Manager Mobile (EPMM) contains an authenticated code injection in the API component, allowing authentica

CVE-2026-1603 HIGH POC
8.6 Feb 10

Ivanti Endpoint Manager before 2024 SU5 contains an authentication bypass (CVE-2026-1603, CVSS 8.6) that allows unauthen

CVE-2026-10520 CRITICAL POC
10.0 Jun 09

Remote code execution in Ivanti Sentry before R10.5.2, R10.6.2, and R10.7.1 allows unauthenticated remote attackers to a

Share

CVE-2026-8109 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy