What is the CVSS score of EUVD-2026-29488?

EUVD-2026-29488 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.9%.

Which versions of Ivanti Virtual Traffic Manager are affected by EUVD-2026-29488?

Ivanti Virtual Traffic Manager versions prior to 22.9r4 contain a remote code execution vulnerability that allows authenticated administrators to execute arbitrary commands, potentially compromising…

Ivanti Virtual Traffic Manager EUVD-2026-29488

| CVE-2026-8051 HIGH

OS Command Injection (CWE-78)

2026-05-12 ivanti

GHSA-3rm6-879f-q3r2

RCE Command Injection Ivanti

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 12, 2026 - 15:31 vuln.today

CVE Published

May 12, 2026 - 14:24 nvd

HIGH 7.2

DescriptionNVD

OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

AnalysisAI

Remote code execution in Ivanti Virtual Traffic Manager allows authenticated administrators to execute arbitrary OS commands via command injection. Affects all versions before 22.9r4. …

RemediationAI

Within 24 hours: Inventory all Ivanti Virtual Traffic Manager deployments and document current versions. Within 7 days: Implement privileged access management (PAM) controls to restrict and monitor administrative account usage; disable or isolate instances running versions before 22.9r4 if feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory