CVE-2026-1603
published 2026-02-10

CVE-2026-1603: An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

Priority: P193 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Tags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2026-03-23
Exploited in the wild
EPSS: 81.09% (99.6th percentile)

Affected

2 ranges
Vendor | Product | Version range | Fixed in
ivanti | endpoint_manager | < 2024 | 2024
ivanti | endpoint_manager | |

Detection & IOCs (extracted from sources)

  • CVE-2026-1603 is an authentication bypass in Ivanti EPM exploitable by remote unauthenticated attackers with no user interaction required; monitor for unauthenticated requests to Ivanti EPM endpoints that return or expose credential data
  • CVE-2026-1603 is listed in CISA KEV as actively exploited; treat any unpatched Ivanti EPM instance (pre-2024 SU5) as compromised until verified otherwise
  • Ivanti stated no customer exploitation was observed prior to public disclosure; active exploitation was flagged by CISA but Ivanti had not independently confirmed it at time of reporting
  • No technical details, exploit code, specific URLs, hashes, or network indicators for CVE-2026-1603 exploitation were published in the available sources; detection must rely on behavioral and version-based signals

CVSS provenance

nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa | 5.3 | MEDIUM
vulncheck | 8.6 | HIGH
cisa | 7.5 | HIGH