CVE-2026-1603 is an authentication bypass vulnerability in Ivanti Endpoint Manager that allows remote unauthenticated attackers to leak stored credential data. This vulnerability is actively exploited according to CISA KEV listing and can be directly exploited against internet-facing EPM instances.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-02-10
Added to CISA KEV: 2026-03-09 27 DAYS BETWEEN CVE AND KEV
CVE-2026-1603 is an authentication bypass vulnerability affecting Ivanti Endpoint Manager (EPM) prior to version 2024 SU5. The vulnerability allows a remote attacker to access stored credential data without proper authentication. Ivanti assigns a CVSS v3 score of 8.6, while NVD lists a score of 7.5. Successful exploitation could allow an attacker to retrieve sensitive credential information and perform unauthorized actions within the EPM environment.
CVE-2026-1281 and CVE-2026-1340 are actively exploited RCE flaws in Ivanti EPMM. Verify exposure and confirm remediation with NodeZero Rapid Response.CVE-2026-1281 and CVE-2026-1340 are critical code injection vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The vulnerabilities allow unauthenticated remote code execution via specially crafted HTTP requests. Both carry a CVSS v3 score of 9.8. Ivanti confirmed that these vulnerabilities have been actively exploited as zero-days in the wild.
CVE-2026-1603 : An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific store...The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities. # ID. Name.
CVE-2026-1603 Detail. Description. An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.Reference Type. ivanti: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US Types: Vendor Advisory.
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.How to use the KEV ...