Ivanti has revealed a critical vulnerability identified in its Neurons for ITSM platform, which poses a threat of unauthorized administrative access if exploited. This vulnerability, known as CVE-2026-9614, impacts both cloud and on-premises versions and has been rated with a CVSS score of 8.8, highlighting a substantial risk within enterprise settings. The flaw results from inadequate access controls, classified under CWE-284.
Details of the Vulnerability
The vulnerability allows a remote attacker with valid credentials to escalate their privileges without needing user interaction, ultimately gaining administrative access. The flaw can be exploited over a network with low complexity and minimal initial privileges, potentially compromising the confidentiality, integrity, and availability of the system.
Ivanti Neurons for ITSM is a pivotal tool in IT service management, used for tasks such as ticketing and asset tracking. Administrative control over this platform could expose sensitive data and enable attackers to alter system configurations or establish persistent access.
Impact and Mitigation
The vulnerability affects on-premises versions up to 2025.4. Ivanti has released patches to counteract the issue in version 2025.4 Patch 1 and provided fixes for earlier versions 2025.3 Patch 1 and 2025.2 Patch 1. Organizations using impacted versions are urged to update immediately via the Ivanti License System portal.
For cloud users, Ivanti has deployed fixes across all environments, with updates applied on May 24 and 25 in versions 2026.1 Patch 9 and 2026.2 Patch 1. Additionally, a separate logging issue affecting IP address tracking was addressed, though unrelated to the primary vulnerability.
Preventive Measures and Recommendations
At the time of the disclosure, Ivanti reported no evidence of active exploitation, yet the potential impact prompted an urgent security advisory. Organizations are advised to audit their role-based access controls to ensure administrative privileges are appropriately restricted. Misconfigured roles could increase vulnerability to exploitation.
Security teams should prioritize implementing patches and reviewing access permissions within their ITSM systems. Given the critical importance of these platforms in enterprise operations, swift remediation is vital to prevent exploitation by threat actors.
Ivanti encourages organizations to undertake regular security audits to enhance their protection against similar vulnerabilities in the future.
