Ethical Hacking News
CISA warns that a recently patched vulnerability in Ivanti EPM has been actively exploited by malicious actors. This critical flaw allows attackers to bypass authentication and steal sensitive data without user interaction. As a result, the U.S. cybersecurity agency is urging Federal Civilian Executive Branch agencies to patch their systems within three weeks. The increasing sophistication of malware highlights the need for vigilance and proactive measures to prevent cyberattacks.
CISA has highlighted a critical vulnerability in Ivanti Endpoint Manager (EPM) that can be exploited without user interaction. The vulnerability, CVE-2026-1603, allows attackers to bypass authentication and steal sensitive credential data. Ivanti EPM is used by over 40,000 companies globally and has been patched by Ivanti with a Security Update (SU5) for Ivanti EPM 2024. CISA has flagged CVE-2026-1603 as actively exploited in attacks, despite the patch being released one month ago. Over 700 Internet-facing Ivanti EPM instances are exposed, raising concerns among security experts. CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to patch their systems within three weeks, by March 23.
CISA (Cybersecurity and Infrastructure Security Agency) recently highlighted a critical vulnerability in Ivanti Endpoint Manager (EPM) that has been actively exploited by malicious actors. The security flaw, tracked as CVE-2026-1603, can be exploited without user interaction to bypass authentication and steal sensitive credential data.
Ivanti EPM is an all-in-one endpoint management solution used by over 40,000 companies across the globe, with more than 7,000 partners worldwide. This widely used software provides system and IT asset management capabilities for managing client devices across various operating systems, including Windows, macOS, Linux, Chrome OS, and IoT platforms.
The vulnerability in question was patched by Ivanti one month ago, when it released a Security Update (SU5) for Ivanti EPM 2024. This update also addressed an additional SQL injection flaw that allowed remote, authenticated attackers to access arbitrary data from the database.
Despite the patch being released, CISA has now flagged CVE-2026-1603 as actively exploited in attacks. This means that threat actors have already taken advantage of this vulnerability to launch successful attacks on systems running Ivanti EPM.
It is worth noting that Ivanti had received no reports of exploitation when BleepingComputer reached out for confirmation on Monday, indicating that the company was not aware of any customers being exploited through these vulnerabilities prior to public disclosure. This was made possible through its responsible disclosure program.
However, over 700 Internet-facing Ivanti EPM instances are exposed, which has raised concerns among security experts. The Shadowserver threat monitoring platform tracks these exposed systems, most of which are located in North America. It is unclear how many of them remain vulnerable to CVE-2026-1603 attacks.
CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on Monday, warning that such security bugs are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. As a result, the U.S. cybersecurity agency has ordered Federal Civilian Executive Branch (FCEB) agencies to patch their systems within three weeks, by March 23.
The fact that threat actors often target Ivanti EPM vulnerabilities in attacks highlights the importance of keeping up to date with software updates and security patches. One year ago, CISA warned federal agencies about three other EPM flaws (CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161) that were also exploited by attackers.
Furthermore, in October 2024, CISA ordered U.S. government agencies to patch another actively exploited EPM flaw (CVE-2024-29824).
The increasing sophistication of malware and its reliance on exploiting vulnerabilities in widely used software like Ivanti EPM underscore the need for vigilance and proactive measures to prevent cyberattacks. By following best practices for software updates, using reputable security tools, and staying informed about emerging threats, individuals and organizations can reduce their exposure to these types of attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Warns-of-Active-Exploitation-of-Recently-Patched-Ivanti-EPM-Flaw-ehn.shtml
https://www.bleepingcomputer.com/news/security/cisa-recently-patched-ivanti-epm-flaw-now-actively-exploited/
https://www.csoonline.com/article/4104158/hundreds-of-ivanti-epm-systems-exposed-online-as-critical-flaw-patched.html
https://nvd.nist.gov/vuln/detail/CVE-2026-1603
https://www.cvedetails.com/cve/CVE-2026-1603/
https://nvd.nist.gov/vuln/detail/CVE-2024-13159
https://www.cvedetails.com/cve/CVE-2024-13159/
https://nvd.nist.gov/vuln/detail/CVE-2024-13160
https://www.cvedetails.com/cve/CVE-2024-13160/
https://nvd.nist.gov/vuln/detail/CVE-2024-13161
https://www.cvedetails.com/cve/CVE-2024-13161/
https://nvd.nist.gov/vuln/detail/CVE-2024-29824
https://www.cvedetails.com/cve/CVE-2024-29824/
Published: Tue Mar 10 07:41:40 2026 by llama3.2 3B Q4_K_M