Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass

Pierluigi Paganini
February 12, 2026

Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let attackers steal credentials remotely.

Ivanti released patches for more than a dozen vulnerabilities in Endpoint Manager, including flaws disclosed in October 2025. The update addresses a high-severity authentication bypass, tracked as CVE-2026-1603 (CVSS score of 8.6), that attackers could exploit remotely without credentials to access and steal sensitive login information.

“An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.” reads the advisory.

The company also fixed a medium-severity SQL injection, tracked as CVE-2026-1602 (CVSS score of 6.5), in Ivanti Endpoint Manager.

“SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.” continues the advisory.

Trend Micro’s ZDI reported the flaws to Ivanti in November 2024; threat actors could exploit the bugs to escalate privileges and run code remotely.

The company said it is not aware of attacks in the wild exploiting these vulnerabilities before public disclosure.

EPM 2024 SU5 addressed both vulnerabilities.

In December, the software firm addressed a newly disclosed vulnerability, tracked as CVE-2025-10573 (CVSS score 9.6), in its Endpoint Manager (EPM) solution.

The vulnerability is a Stored XSS that could allow a remote unauthenticated attacker to execute arbitrary

“Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.” reads the advisory.

The flaw impacts Ivanti Endpoint Manager prior to version 2024 SU4 SR1.
