Ivanti has released important security patches for its Endpoint Manager (EPM) software, addressing several vulnerabilities that were brought to light in October 2025. The update includes fixes for both high- and medium-severity issues that could be exploited remotely.
Key Vulnerabilities Addressed
Among the vulnerabilities, one significant flaw, identified as CVE-2026-1603, is a high-severity authentication bypass. This weakness could potentially expose credential data to unauthorized parties. Another issue, tracked as CVE-2026-1602, is a medium-severity SQL injection defect that could allow authenticated attackers to access arbitrary data within the database.
The resolution of these vulnerabilities comes with the release of EPM 2024 SU5, which also addresses 11 other medium-severity issues disclosed in October. These problems, initially reported to Ivanti in November 2024, were highlighted by Trend Micro’s Zero Day Initiative, although they were not zero-day vulnerabilities in the technical sense.
Security Updates and Recommendations
Ivanti’s efforts to fix these security flaws include previous patches released in November 2025 for two high-severity vulnerabilities. The latest update completes the remediation of all outstanding issues. Importantly, Ivanti has stated that there are no known instances of these vulnerabilities being exploited in the wild. Nonetheless, users are strongly encouraged to upgrade to EPM 2024 SU5 without delay to ensure their systems remain protected.
Additionally, Ivanti has reminded users that EPM version 2022 is no longer supported, having reached its End of Life (EOL). Consequently, users should migrate to a supported version to continue receiving security updates.
Additional Advisory Updates
On the same day, Ivanti updated its advisory regarding two Endpoint Manager Mobile (EPMM) vulnerabilities, which have been exploited as zero-days. These vulnerabilities are tracked as CVE-2026-1281 and CVE-2026-1340 and have a CVSS score of 9.8, indicating their critical nature. They have been used for unauthenticated remote code execution, allowing attackers to deploy web shells and reverse shells for persistence.
Ivanti’s advisory now includes indicators of compromise (IoCs) and a detection script to assist users in identifying potential breaches. The company has also provided guidance to manage false positives in detection.
Staying informed about security updates such as these is crucial in maintaining robust cybersecurity defenses. Users are urged to apply the latest patches promptly and to remain vigilant against potential threats.
