| Metric | Value |
|---|---|
| CVEs | 13 |
| Critical | 1 |
| High | 10 |
| KEV | 1 |
| PoC | 1 |
| Unpatched C/H | 11 |
| Patch Rate | 0.0% |
| Avg EPSS | 0.6% |

Severity Breakdown
| Severity | Count |
|---|---|
| CRITICAL | 1 |
| HIGH | 10 |
| MEDIUM | 2 |
| LOW | 0 |

Affected Products (18)
| Product | Count |
|---|---|
| Connect Secure | 31 |
| Policy Secure | 30 |
| Endpoint Manager | 30 |
| Zero Trust Access Gateway | 16 |
| Neurons For Secure Access | 15 |
| Avalanche | 6 |
| Endpoint Manager Mobile | 5 |
| Workspace Control | 3 |
| Cloud Services Appliance | 3 |
| Neurons For Zero Trust Access | 2 |
| Secure Access Client | 2 |
| Application Control | 1 |
| Jwt Attack | 1 |
| Security Controls | 1 |
| Virtual Application Delivery Controller | 1 |
| Virtual Traffic Manager | 1 |
| Neurons For Itsm | 1 |
| PHP | 1 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-6973 | Remote code execution in Ivanti Endpoint Manager Mobile (EPMM) allows authenticated administrators to execute arbitrary code on the server. Affects EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 through improper input validation vulnerabilities. While requiring high-privilege administrator credentials (CVSS PR:H), the vulnerability enables complete system compromise once authenticated, with high impact to confidentiality, integrity, and availability. No public exploit or active exploitation confirmed at time of analysis. | HIGH | 7.2 | 5.0% | 131 | KEV, PoC, No patch |
| CVE-2026-5787 | Certificate validation bypass in Ivanti Endpoint Manager Mobile (EPMM) allows remote unauthenticated attackers to impersonate registered Sentry hosts and fraudulently obtain CA-signed client certificates. Affects all versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1. High-severity network attack (CVSS 8.9) with changed scope indicating potential pivot to additional systems. No active exploitation confirmed in CISA KEV at time of analysis, but Ivanti products are frequent targets requiring immediate patching priority. | HIGH | 8.9 | 0.0% | 65 | No patch |
| CVE-2026-5786 | Privilege escalation in Ivanti Endpoint Manager Mobile (EPMM) allows remote authenticated attackers with low-level credentials to gain full administrative access. Affected versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 contain an improper access control flaw (CWE-284) that enables credential-holding users to bypass authorization checks and assume administrative privileges. With CVSS 8.8 (High) and network-exploitable attack vector requiring only low privileges, this represents a significant risk for enterprise mobile device management environments, though EPSS data and active exploitation status are not available at time of analysis. | HIGH | 8.8 | 0.4% | 64 | No patch |
| CVE-2026-7821 | Improper certificate validation in Ivanti Endpoint Manager Mobile (EPMM) enables remote unauthenticated attackers to enroll restricted devices without authorization, exposing appliance configuration details and compromising enrolled device identity integrity. Affects EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. CVSS 7.4 with high attack complexity suggests exploitation requires specific timing or conditions. No confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis, though Ivanti products have been frequent targets of nation-state actors in recent years. | HIGH | 7.4 | 0.0% | 57 | No patch |
| CVE-2026-5788 | Remote unauthenticated attackers can invoke arbitrary methods in Ivanti Endpoint Manager Mobile (EPMM) via improper access control flaws, enabling authentication bypass and potential system compromise. Affects versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. The CVSS vector indicates network-accessible exploitation with high attack complexity, resulting in high integrity impact and limited confidentiality/availability impact. No active exploitation confirmed via CISA KEV at time of analysis, though the authentication bypass tag and Ivanti's history of targeted attacks warrant elevated monitoring. | HIGH | 7.0 | 0.2% | 55 | No patch |
| CVE-2026-8043 | Path traversal in Ivanti Xtraction enables remote authenticated attackers with low-level privileges to read sensitive system files and inject arbitrary HTML into web-accessible directories, creating risks of credential theft, configuration exposure, and client-side attacks against other users. CVSS 9.6 severity driven by scope change (S:C) indicates the attacker can impact resources beyond the vulnerable component. No public exploit or CISA KEV listing identified, but vendor advisory confirms the vulnerability affects all versions prior to 2026.2. | CRITICAL | 9.6 | 0.1% | 48 | No patch |
| CVE-2026-8111 | SQL injection in Ivanti Endpoint Manager web console enables authenticated remote attackers to execute arbitrary code on the server. Affects all versions prior to 2024 SU6. Attack requires only low-privilege authenticated access (CVSS PR:L) with low complexity (AC:L), making exploitation straightforward for any authenticated user. Ivanti has released patched version 2024 SU6 per vendor advisory dated May 2026. No CISA KEV listing or public exploit code identified at time of analysis, indicating exploitation is not yet confirmed in the wild despite the high severity score. | HIGH | 8.8 | 0.3% | 44 | No patch |
| CVE-2026-8992 | Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run arbitrary code on endpoints by exploiting improper TLS certificate validation, contingent on user interaction (UI:R). No public exploit identified at time of analysis, but the CVSS 8.8 rating and Ivanti's own advisory disclosure mark this as a high-priority client-side risk for organizations using the VPN client. | HIGH | 8.8 | 0.1% | 44 | No patch |
| CVE-2026-7432 | Race condition in Ivanti Secure Access Client enables local privilege escalation to SYSTEM from low-privileged accounts. Affects versions before 22.8R6. An authenticated local user can exploit timing vulnerabilities in the client software to gain complete system control. While limited to a local attack vector (requires existing access to the target system), the low attack complexity (AC:L) and lack of a user interaction requirement (UI:N) make this exploitable once local access is achieved. No public exploit code identified at time of analysis, and EPSS risk scoring is not yet available for this 2026 CVE. | HIGH | 7.8 | 0.0% | 39 | No patch |
| CVE-2026-8110 | Local privilege escalation in Ivanti Endpoint Manager agent allows authenticated users to gain SYSTEM-level privileges via incorrect file or registry permissions. Affects all versions prior to 2024 SU6. Vendor has released a patch (version 2024 SU6). No evidence of active exploitation or public PoC identified at time of analysis, though EPSS data is not available. Organizations running EPM agents on managed endpoints should prioritize patching given the high CVSS score (7.8) and potential for lateral movement across enterprise environments. | HIGH | 7.8 | 0.0% | 39 | No patch |
| CVE-2026-8051 | Remote code execution in Ivanti Virtual Traffic Manager allows authenticated administrators to execute arbitrary OS commands via command injection. Affects all versions before 22.9r4. Attack requires network access and administrative credentials but has low complexity (CVSS AC:L). No active exploitation confirmed at time of analysis, though the administrative access requirement significantly limits the attack surface compared to unauthenticated RCE vulnerabilities. | HIGH | 7.2 | 0.9% | 37 | No patch |
| CVE-2026-8109 | Remote authenticated attackers can exploit an exposed dangerous method on the Core Server of Ivanti Endpoint Manager versions before 2024 SU6 to leak access credentials. The vulnerability requires valid authentication credentials to exploit and does not allow code execution or system modification, but compromises confidentiality by exposing sensitive authentication material that could facilitate lateral movement or account takeover. | MEDIUM | 6.5 | 0.1% | 32 | No patch |
| CVE-2026-7431 | Ivanti Secure Access Client before version 22.8R6 allows local authenticated users to read or modify sensitive log data through write access to a shared memory section due to incorrect permission assignments on a critical resource. With a CVSS score of 4.4 and a local attack vector requiring authentication, this vulnerability poses a moderate risk to users whose systems are accessed by multiple authenticated accounts. No active exploitation has been publicly confirmed, but the simplicity of the attack (local, low complexity) makes this a practical concern for multi-user systems. | MEDIUM | 4.4 | 0.0% | 22 | No patch |