{"cve_id":"CVE-2026-1603","summary":"An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"epss":0.65389,"ranking_epss":0.98477,"kev":true,"propose_action":"Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.","ransomware_campaign":"Unknown","references":["https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1603"],"published_time":"2026-02-10T16:16:10","cpes":["cpe:2.3:a:ivanti:endpoint_manager:2016.4","cpe:2.3:a:ivanti:endpoint_manager:2017.1","cpe:2.3:a:ivanti:endpoint_manager:2017.3","cpe:2.3:a:ivanti:endpoint_manager:2018.1","cpe:2.3:a:ivanti:endpoint_manager:2018.3","cpe:2.3:a:ivanti:endpoint_manager:2019.1","cpe:2.3:a:ivanti:endpoint_manager:2020.1","cpe:2.3:a:ivanti:endpoint_manager:2020.1.1","cpe:2.3:a:ivanti:endpoint_manager:2021.1","cpe:2.3:a:ivanti:endpoint_manager:2021.1.1","cpe:2.3:a:ivanti:endpoint_manager:2022","cpe:2.3:a:ivanti:endpoint_manager:2024","cpe:2.3:a:ivanti:endpoint_manager:7.9.1.285"]}