CVE 8.6 HIGH

CVE-2026-1603_CVE-2026-1603

February 10, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Description

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

AI Analysis

Authentication bypass vulnerability in Ivanti Endpoint Manager allowing remote unauthenticated attackers to leak stored credential data

Basic Information

ID CVE-2026-1603

Source ivanti

Published Feb 10, 2026 at 15:09

Affected Product

Vendor Ivanti

Product Endpoint Manager

Version 2024 SU5

CWE Classification

CWE-288

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Ivanti

Product Endpoint Manager

Version 2024 SU5 and earlier

References

hub.ivanti.com /s/article/Security-Advisory-EPM-February-2026-for-EPM-2024

{
    "lastseen": "",
    "description": "An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.",
    "published": "2026-02-10T15:09:35.459Z",
    "modified": "2026-02-10T15:09:35.459Z",
    "type": "cve",
    "title": "CVE-2026-1603",
    "source": "ivanti",
    "references": "https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US",
    "id": "CVE-2026-1603",
    "bulletinFamily": "",
    "cwe": [
        "CWE-288"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Endpoint Manager",
    "version": "2024 SU5",
    "vendor": "Ivanti",
    "ai_description": "Authentication bypass vulnerability in Ivanti Endpoint Manager allowing remote unauthenticated attackers to leak stored credential data",
    "ai_severity": "High",
    "ai_vendor": "Ivanti",
    "ai_product": "Endpoint Manager",
    "ai_version": "2024 SU5 and earlier",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply