CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Mar 23, 2026
Description
Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.
EPSS — Exploit Probability
Higher than 98.5% of all CVEs
Required Action
https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
Related Articles (4)
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
Mar 9, 2026
CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
CISA adds 3 exploited flaws—SolarWinds, Ivanti, Workspace One—to KEV after attacks, forcing federal patch deadlines in March 2026.
Mar 10, 2026
Recent Ivanti Endpoint Manager Flaw Exploited in Attacks
CISA has added the high-severity authentication bypass vulnerability to its KEV list, along with SolarWinds and Workspace One bugs.
Mar 10, 2026
CISA: Recently patched Ivanti EPM flaw now actively exploited
CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks.
Mar 10, 2026
Risk Assessment
HIGHDetails
- Severity
- High
- EPSS
- 65.4%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 4
Timeline
Published
Mar 9, 2026
Added to KEV
Mar 9, 2026
Remediation Due
Mar 23, 2026