6
CVEs
2
Critical
3
High
3
KEV
1
PoC
4
Unpatched C/H
16.7%
Patch Rate
26.6%
Avg EPSS
Severity Breakdown
CRITICAL
2
HIGH
3
MEDIUM
1
LOW
0
Monthly CVE Trend
Affected Products (22)
Connect Secure
31
Endpoint Manager
30
Policy Secure
30
Zero Trust Access Gateway
16
Neurons For Secure Access
15
Avalanche
6
Stack Overflow
5
Endpoint Manager Mobile
5
Memory Corruption
5
Command Injection
3
Cloud Services Appliance
3
Workspace Control
3
Neurons For Zero Trust Access
2
Jwt Attack
1
Neurons For Itsm
1
Deserialization
1
Virtual Application Delivery Controller
1
Security Controls
1
Application Control
1
Heap Overflow
1
Secure Access Client
1
PHP
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-1340 | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to achieve remote code execution on the mobile device management server. Compromising the MDM server provides access to all managed mobile device configurations, policies, and potentially the ability to push malicious profiles to enrolled devices. | CRITICAL | 9.8 | 50.9% | 170 |
KEV
PoC
No patch
|
| CVE-2026-1281 | Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that allows unauthenticated remote attackers to execute arbitrary code. With EPSS 64.8% and KEV listing, this vulnerability in the mobile device management platform threatens the security of every managed mobile device in the organization, as EPMM has the ability to push configurations, certificates, and apps to enrolled devices. | CRITICAL | 9.8 | 64.8% | 164 |
KEV
|
| CVE-2026-1603 | Ivanti Endpoint Manager before 2024 SU5 contains an authentication bypass (CVE-2026-1603, CVSS 8.6) that allows unauthenticated remote attackers to leak stored credential data. KEV-listed with EPSS 43.9%, this vulnerability exposes credentials stored in the endpoint management platform — potentially including service accounts, deployment credentials, and other secrets used to manage the entire endpoint fleet. | HIGH | 8.6 | 43.9% | 137 |
KEV
No patch
|
| CVE-2026-3483 | Privilege escalation in Ivanti DSM versions before 2026.1.1 stems from an exposed dangerous method that allows authenticated local users to gain elevated system privileges. An attacker with local access could exploit this vulnerability to obtain high-level permissions, compromising system integrity and confidentiality. No patch is currently available for this issue. | HIGH | 7.8 | 0.0% | 39 |
No patch
|
| CVE-2026-1602 | Authenticated attackers can exploit SQL injection in Ivanti Endpoint Manager prior to version 2024 SU5 to extract sensitive data from the underlying database. This network-accessible vulnerability requires valid credentials but allows unauthorized information disclosure with no user interaction needed. No patch is currently available for affected systems. | MEDIUM | 6.5 | 0.1% | 33 |
No patch
|
| CVE-2025-10918 | Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 7.1 | 0.1% | – |
No patch
|