EXECUTIVE SUMMARY:
CVE-2026-9614 (CVSS score 8.8) is a high-severity access-control flaw in Ivanti IT Service Management (ITSM) that affects both the cloud-based Ivanti Neurons for ITSM service and on-premises installations running version 2025.4 or any earlier release. The vulnerability stems from improper authentication checks in the platform core, allowing a remote user who holds a valid but limited account to bypass normal privilege checks and elevate their rights to full administrator level. Exploitation requires only network access to the ITSM web interface and a low-privilege authenticated session; no additional user interaction or elevated system privileges are needed. Once the attacker has escalated to administrator, they can modify configuration, extract sensitive data, create or delete service tickets, and potentially establish persistence across the organization's IT infrastructure. The business impact includes loss of data integrity, unauthorized changes to critical service workflows, disruption of support operations, and exposure to further attacks through the compromised administrative account. Exploitation is possible when the vulnerable instance is exposed to the internet or to internal users without additional hardening controls, and when the attacker can obtain any valid user credential.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/ivanti-itsm-vulnerability-privilege-escalation/