CVE-2026-1603

HIGH KEV NUCLEI

Ivanti Endpoint Manager < 2024 SU5 - Unauthenticated Credential Data Leak

Title source: llm

Exploitation Summary

CVE-2026-1603 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 9, 2026. A Nuclei detection template is also available.

Description

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

Nuclei Templates (1)

Ivanti Endpoint Manager - Authentication Bypass

HIGHVERIFIEDby DhiyaneshDk,watchtowrlabs

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1603

Vendor Advisory

https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US

Scores

CVSS v3 8.6

EPSS 0.5892

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2026-03-09

VulnCheck KEV 2026-02-17

ENISA EUVD EUVD-2026-6842

CWE

CWE-306 CWE-288

Status published

Products (2)

ivanti/endpoint_manager 2024 (8 CPE variants)

ivanti/endpoint_manager < 2024

Published Feb 10, 2026

KEV Added Mar 09, 2026

Tracked Since Feb 18, 2026