The U.S. Cybersecurity and Infrastructure Security Agency (CISA) informs users that the Ivanti Endpoint Manager vulnerability is being exploited in the wild. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch before March 23, 2026.
Ivanti Endpoint Manager (EPM) is a tool that helps IT administrators manage and secure devices and data across networks. It can manage Windows, macOS, Linux, iOS, and Android devices.
Tracked as CVE-2026-1603, the vulnerability may allow a remote authenticated attacker to leak arbitrary data or compromise user sessions. The vulnerability has a High severity rating with a CVSS score of 8.6.
Ivanti patched the vulnerability last month in their Security Advisory EPM February 2026 for EPM 2024.
Qualys Threat Intelligence assigned a Qualys Vulnerability Score (QVS) of 95 to CVE-2026-20131. Qualys Vulnerability Score (QVS) is a Qualys-assigned score for a vulnerability based on multiple factors associated with the CVE, such as CVSS scores and external threat indicators like active exploitation, exploit code maturity, CISA known exploits, and more.
Affected Versions
The vulnerability affects Ivanti Endpoint Manager 2024 SU4 SR1 and prior.
Mitigation
Users must upgrade to Ivanti Endpoint Manager version 2024 SU5 to patch the vulnerabilities.
For more information, please refer to the Ivanti Security Advisory.
Qualys Detection
Qualys customers can scan their devices with QIDs 386530, 733818, and 530936 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US
