Ivanti has issued critical security updates to address more than a dozen vulnerabilities in its Endpoint Manager software, including a high-severity authentication bypass. This specific flaw, identified as CVE-2026-1603, allows remote attackers to bypass security protocols and steal sensitive login credentials without requiring any prior access.
Ivanti recently deployed a comprehensive set of patches for its Endpoint Manager platform to mitigate several security risks discovered in late 2025 and early 2026. The most pressing fix targets an authentication bypass vulnerability that received a high-severity CVSS score of 8.6. This bug is particularly dangerous because it enables unauthenticated individuals to remotely access the system and leak specific stored credential data, potentially compromising the entire network managed by the software.
In addition to the credential theft flaw, the update resolves a medium-severity SQL injection vulnerability tracked as CVE-2026-1602. This secondary issue could allow an authenticated attacker to execute unauthorized database queries and extract arbitrary information. While this requires an existing account, it still poses a significant risk for privilege escalation or internal data breaches if left unpatched.
These vulnerabilities were originally reported to Ivanti by researchers at Trend Micro’s Zero Day Initiative. Experts warned that if these flaws were chained together or exploited individually, threat actors could gain the ability to escalate their privileges or execute malicious code across the environment. Ivanti has stated that, at the time of the patch release, they had not observed any evidence of these specific bugs being exploited by hackers in the wild.
The current security release follows a pattern of high-stakes updates for the company, including a fix for a stored cross-site scripting flaw disclosed in December. That previous vulnerability, carrying a nearly perfect severity score of 9.6, allowed attackers to execute arbitrary JavaScript within an administrator's session. These ongoing disclosures highlight a period of intense security scrutiny for the Endpoint Manager solution as researchers uncover various ways attackers might bypass its defenses.
To ensure protection against these threats, administrators are urged to update to Ivanti Endpoint Manager version 2024 SU5 immediately. This latest version consolidates the fixes for the authentication bypass, the SQL injection, and several other flaws reported over the last several months. By applying these updates, organizations can secure their administrative sessions and prevent remote attackers from gaining a foothold in their credential management systems.
Source: Ivanti Patches Multiple Endpoint Manager Bugs, Including Remote Auth Bypass