CVE-2026-1603HIGH 7.5CISA KEVEPSS p99.6%

CVE-2026-1603Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability

Ivanti / Endpoint Manager (EPM)

Description

Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.

Scoring

CVSS 3.17.5 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS81.09% probability of exploitation · percentile 99.6% · 2026-06-16T12:03:06Z
Published2026-02-10
Last modified2026-03-10

CISA KEV entry

Added to KEV: 2026-03-09

Underlying weaknesses· 2

CWE-288CWE-306

References

  1. https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US
  2. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1603

2

TypeTargetConfidenceTier
WeaknessAuthentication Bypass Using an Alternate Path or Channelcwe-2880%live
WeaknessMissing Authentication for Critical Functioncwe-3060%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryIvanti Endpoint Manager (EPM) Authentication Bypass Vulnerabilitykev-cve-2026-16030%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
CVE
CVE-2026-5786
CVE
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
CVE
Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability
CVE
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
CVE
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.