CISA Warns About Ivanti EPM Vulnerability Exploited in Attacks (CVE-2026-1603)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) informs users that the Ivanti Endpoint Manager vulnerability is being exploited in the wild. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch before March 23, 2026.

Ivanti Endpoint Manager (EPM) is a tool that helps IT administrators manage and secure devices and data across networks. It can manage Windows, macOS, Linux, iOS, and Android devices.

Tracked as CVE-2026-1603, the vulnerability may allow a remote authenticated attacker to leak arbitrary data or compromise user sessions. The vulnerability has a High severity rating with a CVSS score of 8.6.

Ivanti patched the vulnerability last month in their Security Advisory EPM February 2026 for EPM 2024.

Affected Versions

The vulnerability affects Ivanti Endpoint Manager 2024 SU4 SR1 and prior.

Mitigation

Users must upgrade to Ivanti Endpoint Manager version 2024 SU5 to patch the vulnerabilities.

For more information, please refer to the Ivanti Security Advisory.

Qualys Detection

Qualys customers can scan their devices with QID 386530 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US