EXECUTIVE SUMMARY:[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:[emaillocker id="1283"]
CVE-2026-7431 with a CVSS score of 4.4 – This flaw in Ivanti Secure Access Client stems from incorrect permission assignment on a shared memory section. A local authenticated attacker can read or modify sensitive log data, limiting its blast radius but posing a real risk in multi-user or shared endpoint environments. CVE-2026-7432 with a CVSS score of 7.8 – A race condition in Ivanti Secure Access Client lets a locally authenticated attacker win a timing window to escalate privileges to SYSTEM, resulting in a classic LPE flaw that threat actors frequently chain with initial access exploits to achieve full machine takeover. CVE-2026-8043 with a CVSS score of 9.6 – The most severe vulnerability in this advisory batch affects Ivanti Xtraction before version. A remote authenticated attacker can read sensitive server-side files and write arbitrary HTML to the web directory, enabling stored cross-site scripting or web shell staging. CVE-2026-8051 with a CVSS score of 7.2 – An OS command injection flaw in the Ivanti Virtual Traffic Manager before admin interface allows a remote attacker with admin credentials to inject OS-level commands to achieve full remote code execution on the appliance. CVE-2026-8109 with a CVSS score of 6.5 – An exposed dangerous method on the Ivanti Endpoint Manager Core Server before 2024 SU6 allows a remote authenticated attacker to exfiltrate access credentials from the server, resulting in a credential harvesting vector that could enable lateral movement or privilege escalation across managed endpoints. CVE-2026-8110 with a CVSS score of 7.8 – Incorrect permissions assignment in the Ivanti EPM agent allows a local authenticated attacker to escalate privileges on the endpoint, mirroring a similar attack pattern and posing a significant risk in enterprise environments. CVE-2026-8111 with a CVSS score of 8.8 – A SQL injection vulnerability in the Ivanti EPM web console before 2024 SU6 allows any remote authenticated attacker to achieve remote code execution, no admin rights required, posing a significant risk to network-facing EPM installations.
RECOMMENDATION:
We recommend you to update Ivanti Secure Access Client to version 22.8R6 or later, Ivanti Xtraction to version 2026.2 or later, Ivanti Virtual Traffic Manager to version 22.9r4 or later and Ivanti Endpoint Manager to version 2024 SU6 or later.
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/ivanti-patches-multiple-vulnerabilities/