CISA: Recently patched Ivanti EPM flaw now actively exploited

Published: March 10, 2026 at 07:36 AM EDT
Source: Bleeping Computer

Vulnerability Overview

CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks.

Ivanti’s EPM software is an all-in-one endpoint management solution for managing client devices across Windows, macOS, Linux, Chrome OS, and IoT platforms.

The flaw is tracked as CVE-2026-1603. It can be exploited by remote threat actors without privileges to bypass authentication and steal credential data in low-complexity cross-site scripting attacks that require no user interaction.

Patch Release

Ivanti patched the vulnerability one month ago when it released Ivanti EPM 2024 SU5. The update also addresses an SQL injection flaw that allows remote, authenticated attackers to read arbitrary data from the database.
Security Advisory – EPM February 2026

Exploitation Status

While CISA has now tagged CVE-2026-1603 as exploited in the wild, Ivanti reported that it had received no exploitation reports when contacted.

“We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program.” – Ivanti

Exposure Landscape

The Shadowserver threat-monitoring platform tracks over 700 Internet-facing Ivanti EPM instances, most of them in North America. No data is available on how many remain vulnerable to CVE-2026-1603.

Ivanti EPM instances exposed on the internet (Shadowserver)

CISA Actions

  • Added CVE-2026-1603 to the Known Exploited Vulnerabilities (KEV) Catalog on March 9, 2026.

  • Ordered Federal Civilian Executive Branch (FCEB) agencies, as mandated by Binding Operational Directive (BOD) 22-01, to patch the vulnerability within three weeks (by March 23, 2026).

Historical Context

  • One year ago, CISA warned federal agencies to secure networks against three other EPM flaws (CVE-2024-13159, CVE-2024-13160, CVE-2024-13161) that were actively exploited.

  • In October 2024, CISA ordered agencies to patch another actively exploited EPM flaw (CVE-2024-29824).

Ivanti Market Presence

Ivanti provides system and IT asset management products to more than 40,000 companies through a network of over 7,000 partners worldwide.
