
Ivanti Secure Access Client CVE-2026-8992

EUVD-2026-31445 | HIGH
Improper Certificate Validation (CWE-295)
2026-05-22 | ivanti | GHSA-748c-m6r6-qw5q
CVSS 3.1: 8.8

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: May 22, 2026 - 15:00 vuln.today

Description (NVD)

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.

Analysis (AI)

Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run arbitrary code on endpoints by exploiting improper TLS certificate validation, contingent on user interaction (UI:R). No public exploit identified at time of analysis, but the CVSS 8.8 rating and Ivanti's own advisory disclosure mark this as a high-priority client-side risk for organizations using the VPN client.


Remediation (AI)

24 hours: Inventory Ivanti Secure Access Client deployments across all endpoints and document installed versions; brief executive and operational teams on risk; implement endpoint-level monitoring and alerting.
7 days: Contact Ivanti for 22.8R6 release timeline; begin EDR deployment or enhancement on affected systems; restrict VPN usage to essential business functions where operationally feasible. …
