May 2026 Security Advisory Ivanti Secure Access Client (CVE-2026-7431, CVE-2026-7432)

Update 22 May: CVE-2026-8992 has been added to Vulnerability Details Summary Ivanti has released updates for the Ivanti Secure Access Client which addresses one medium severity vulnerability and two High severity vulnerabilities. We are not aware of any customers being exploited by these...

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

CVE-2026-7432

A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM...

CVE-2026-8992

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code...

CVE-2026-8992

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code...

CVE-2026-8992

The CVE-2026-8992 entry concerns Ivanti Secure Access Client, vulnerable prior to version 22.8R6, due to improper certificate validation. The issue allows remote unauthenticated attackers to execute arbitrary code. According to the description and CVSS metrics (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H...

CVE-2026-8992

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code...

CVE-2026-8992

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code...

PT-2026-42775

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code...

Ivanti Secure Access Client 信任管理问题漏洞

Ivanti Secure Access Client is a security software client developed by the American company Ivanti. Versions of Ivanti Secure Access Client prior to 22.8R6 contained a vulnerability related to trust management. This vulnerability stemmed from improper certificate verification, which could allow...

Ivanti Secure Access Client 22.x < 22.8R6 Multiple Vulnerabilities

The Ivanti Secure Access Client installed on the remote host is 22.x prior to 22.8R6. It is, therefore, affected by multiple vulnerabilities: - An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify...

EUVD-2026-29486

A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM...

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

CVE-2026-7432

A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM...

CVE-2026-7432

A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM...

CVE-2026-7431

Affected product: Ivanti Secure Access Client. Vulnerabilities (pre-22.8R6): 7431 involves an incorrect permission assignment on a critical resource, enabling a local authenticated user to read/modify sensitive log data via write access to a shared memory section. 7432 is a race condition that al...

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

Ivanti Secure Access Client 竞争条件问题漏洞

Ivanti Secure Access Client is a security software client developed by the American company Ivanti. Versions of Ivanti Secure Access Client prior to 22.8R6 contained a race condition vulnerability. This vulnerability was caused by race conditions, which could lead to local authenticated users...

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network VPN clients distributed through search engine optimization SEO poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on...

March Security Advisory Ivanti Secure Access Client (ISAC) (CVE-2025-22454)

Summary Ivanti has released updates for Ivanti Secure Access Client ISAC which addresses one high severity vulnerability. Successful exploitation could lead to privilege escalation. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability...