| Metric | Value |
|---|---|
| CVEs | 58 |
| Critical | 4 |
| High | 32 |
| KEV | 4 |
| PoC | 2 |
| Unpatched C/H | 34 |
| Patch Rate | 6.9% |
| Avg EPSS | 4.1% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 4 |
| HIGH | 32 |
| MEDIUM | 22 |
| LOW | 0 |

Affected Products (18)

| Product | Count |
|---|---|
| Connect Secure | 31 |
| Policy Secure | 30 |
| Endpoint Manager | 30 |
| Zero Trust Access Gateway | 16 |
| Neurons For Secure Access | 15 |
| Avalanche | 6 |
| Endpoint Manager Mobile | 5 |
| Workspace Control | 3 |
| Cloud Services Appliance | 3 |
| Neurons For Zero Trust Access | 2 |
| Secure Access Client | 2 |
| Application Control | 1 |
| Jwt Attack | 1 |
| Security Controls | 1 |
| Virtual Application Delivery Controller | 1 |
| Virtual Traffic Manager | 1 |
| Neurons For Itsm | 1 |
| PHP | 1 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-1340 | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to achieve remote code execution on the mobile device management server. Compromising the MDM server provides access to all managed mobile device configurations, policies, and potentially the ability to push malicious profiles to enrolled devices. | CRITICAL | 9.8 | 50.9% | 170 | KEV, PoC, No patch |
| CVE-2026-1281 | Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that allows unauthenticated remote attackers to execute arbitrary code. With EPSS 64.8% and KEV listing, this vulnerability in the mobile device management platform threatens the security of every managed mobile device in the organization, as EPMM has the ability to push configurations, certificates, and apps to enrolled devices. | CRITICAL | 9.8 | 64.8% | 164 | KEV |
| CVE-2026-1603 | Ivanti Endpoint Manager before 2024 SU5 contains an authentication bypass (CVE-2026-1603, CVSS 8.6) that allows unauthenticated remote attackers to leak stored credential data. KEV-listed with EPSS 43.9%, this vulnerability exposes credentials stored in the endpoint management platform — potentially including service accounts, deployment credentials, and other secrets used to manage the entire endpoint fleet. | HIGH | 8.6 | 43.9% | 137 | KEV, No patch |
| CVE-2026-6973 | Remote code execution in Ivanti Endpoint Manager Mobile (EPMM) allows authenticated administrators to execute arbitrary code on the server. Affects EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 through improper input validation vulnerabilities. While requiring high-privilege administrator credentials (CVSS PR:H), the vulnerability enables complete system compromise once authenticated, with high impact to confidentiality, integrity, and availability. No public exploit or active exploitation confirmed at time of analysis. | HIGH | 7.2 | 5.0% | 131 | KEV, PoC, No patch |
| CVE-2026-5787 | Certificate validation bypass in Ivanti Endpoint Manager Mobile (EPMM) allows remote unauthenticated attackers to impersonate registered Sentry hosts and fraudulently obtain CA-signed client certificates. Affects all versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1. High-severity network attack (CVSS 8.9) with changed scope indicating potential pivot to additional systems. No active exploitation confirmed in CISA KEV at time of analysis, but Ivanti products are frequent targets requiring immediate patching priority. | HIGH | 8.9 | 0.0% | 65 | No patch |
| CVE-2026-5786 | Privilege escalation in Ivanti Endpoint Manager Mobile (EPMM) allows remote authenticated attackers with low-level credentials to gain full administrative access. Affected versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 contain an improper access control flaw (CWE-284) that enables credential-holding users to bypass authorization checks and assume administrative privileges. With CVSS 8.8 (High) and network-exploitable attack vector requiring only low privileges, this represents a significant risk for enterprise mobile device management environments, though EPSS data and active exploitation status are not available at time of analysis. | HIGH | 8.8 | 0.4% | 64 | No patch |
| CVE-2026-7821 | Improper certificate validation in Ivanti Endpoint Manager Mobile (EPMM) enables remote unauthenticated attackers to enroll restricted devices without authorization, exposing appliance configuration details and compromising enrolled device identity integrity. Affects EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. CVSS 7.4 with high attack complexity suggests exploitation requires specific timing or conditions. No confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis, though Ivanti products have been frequent targets of nation-state actors in recent years. | HIGH | 7.4 | 0.0% | 57 | No patch |
| CVE-2025-6771 | OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2, 12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution. | HIGH | 7.2 | 20.8% | 57 | No patch |
| CVE-2026-5788 | Remote unauthenticated attackers can invoke arbitrary methods in Ivanti Endpoint Manager Mobile (EPMM) via improper access control flaws, enabling authentication bypass and potential system compromise. Affects versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. The CVSS vector indicates network-accessible exploitation with high attack complexity, resulting in high integrity impact and limited confidentiality/availability impact. No active exploitation confirmed via CISA KEV at time of analysis, though the authentication bypass tag and Ivanti's history of targeted attacks warrant elevated monitoring. | HIGH | 7.0 | 0.2% | 55 | No patch |
| CVE-2023-38036 | CVE-2023-38036 is a critical unauthenticated buffer overflow vulnerability in Ivanti Avalanche Manager prior to version 6.4.1 that allows remote attackers to cause denial of service or achieve arbitrary code execution without authentication. With a CVSS score of 9.8 and network-based attack vector, this vulnerability has significant real-world exploitability risk and affects all organizations deploying vulnerable Avalanche Manager instances. | CRITICAL | 9.8 | 2.2% | 51 | |
| CVE-2026-8043 | Path traversal in Ivanti Xtraction enables remote authenticated attackers with low-level privileges to read sensitive system files and inject arbitrary HTML into web-accessible directories, creating risks of credential theft, configuration exposure, and client-side attacks against other users. CVSS 9.6 severity driven by scope change (S:C) indicates the attacker can impact resources beyond the vulnerable component. No public exploit or CISA KEV listing identified, but vendor advisory confirms the vulnerability affects all versions prior to 2026.2. | CRITICAL | 9.6 | 0.1% | 48 | No patch |
| CVE-2025-6770 | OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution. | HIGH | 7.2 | 12.0% | 48 | No patch |
| CVE-2025-8297 | Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 7.2 | 9.3% | 45 | No patch |
| CVE-2025-22455 | Cryptographic weakness in Ivanti Workspace Control prior to version 10.19.0.0 that uses a hardcoded encryption key to protect SQL database credentials stored locally. A local authenticated attacker with user-level privileges can exploit this to decrypt and extract stored SQL credentials without elevated permissions, potentially leading to lateral movement and data exfiltration. The CVSS 8.8 score reflects high severity due to confidentiality and integrity impacts across system boundaries, though exploitation requires local access and valid authentication. | HIGH | 8.8 | 0.3% | 44 | No patch |
| CVE-2025-5353 | Credential disclosure vulnerability in Ivanti Workspace Control versions before 10.19.10.0, where a hardcoded cryptographic key enables local authenticated attackers to decrypt stored SQL database credentials. This allows privilege escalation and lateral movement within enterprise environments. With a CVSS score of 8.8 and local attack vector requiring authentication, exploitation requires internal access but poses significant risk to SQL database security and overall system compromise. | HIGH | 8.8 | 0.3% | 44 | No patch |