Ivanti Endpoint Manager Authentication Flaw Targeted In Ongoing Cyberattacks, CISA Alerts

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical vulnerability in Ivanti Endpoint Manager (EPM) that is being actively targeted in cyberattacks.

This vulnerability, identified as CVE-2026-1603, allows attackers to bypass authentication mechanisms, potentially exposing sensitive data.

This flaw affects Ivanti Endpoint Manager’s authentication processes, enabling a remote unauthenticated attacker to access stored credential data, which could be leveraged in further attacks.

Sponsored

class="wp-block-heading" id="h-overview-of-the-vulnerability">Overview Of The Vulnerability

CVE-2026-1603 is an authentication bypass vulnerability within Ivanti Endpoint Manager, specifically involving an alternate path or channel.

When exploited, this vulnerability allows attackers to bypass authentication protocols, gaining unauthorized access to sensitive information such as stored credentials.

This can lead to a range of security issues, including data leakage, unauthorized actions within the system, and the ability to manipulate and control compromised endpoints.

The vulnerability is categorized under Common Weakness Enumeration (CWE-288), which relates to the improper handling of authentication, a crucial aspect of secure access control in any system.

Once exploited, attackers could access privileged data, potentially gaining further access to corporate networks and escalating attacks.

CISA’s alert indicates that this vulnerability is being actively targeted in the wild. However, it remains unclear whether it is specifically being used in ransomware campaigns.

Given the nature of the vulnerability, its exploitation could be leveraged in various types of cyberattacks, ranging from data theft to more complex network breaches.

Mitigation and Action Recommendations

CISA advises organizations using Ivanti Endpoint Manager to take immediate action by applying available mitigations as outlined by Ivanti.

In particular, Ivanti has provided instructions to help organizations secure their systems and prevent further exploitation of the vulnerability.

Additionally, CISA recommends that organizations follow the applicable guidance in BOD 22-01 for cloud services, which highlights best practices for securing cloud-based infrastructure and minimizing risks.

For organizations unable to implement the mitigations or those lacking patching capabilities, CISA strongly suggests discontinuing the use of Ivanti Endpoint Manager until a proper fix or mitigation is applied.

The deadline for implementing these mitigation strategies is March 23, 2026, making it critical for affected organizations to prioritize this vulnerability in their immediate vulnerability management framework.

This alert is a reminder of the importance of actively managing vulnerabilities and staying up to date with patches and mitigations.

Security professionals should regularly consult the CISA’s Known Exploited Vulnerabilities (KEV) catalog to identify vulnerabilities actively exploited in the wild and incorporate them into their security frameworks.

By taking swift action, organizations can significantly reduce the likelihood of exploitation and mitigate the potential impacts of this authentication bypass vulnerability.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.

The post Ivanti Endpoint Manager Authentication Flaw Targeted In Ongoing Cyberattacks, CISA Alerts appeared first on Cyber Security News.