CVE-2026-1603 is an authentication bypass vulnerability in Ivanti Endpoint Manager that allows remote unauthenticated attackers to leak stored credential data. This vulnerability is actively exploited according to CISA KEV listing and can be directly exploited against internet-facing EPM instances.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-02-10
Added to CISA KEV: 2026-03-09 27 DAYS BETWEEN CVE AND KEV
Here's a breakdown of what is known about its exploitation:
CVE-2026-1603 is an authentication bypass vulnerability affecting Ivanti Endpoint Manager (EPM) prior to version 2024 SU5. The vulnerability allows a remote attacker to access stored credential data without proper authentication. Ivanti assigns a CVSS v3 score of 8.6, while NVD lists a score of 7.5.
CVE-2026-1281 and CVE-2026-1340 are actively exploited RCE flaws in Ivanti EPMM. Verify exposure and confirm remediation with NodeZero Rapid Response.CVE-2026-1281 and CVE-2026-1340 are critical code injection vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The vulnerabilities allow…
CVE-2026-1603 : An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific store...The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that…
CVE-2026-1603 Detail. Description. An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.Reference Type. ivanti: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?la…
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal…