Ivanti Patches Multiple Vulnerabilities in Secure Access, Xtraction, vTM and Endpoint Manager
By Guru Baran
May 12, 2026
Ivanti has released its May 2026 Patch Tuesday security updates, disclosing vulnerabilities across four products while revealing that artificial intelligence tools are already helping its engineers uncover flaws that traditional scanners miss and warning that AI-driven discovery will likely accelerate future disclosure volumes.
Ivanti Patches Multiple Vulnerabilities
The company addressed vulnerabilities in four distinct products on May 13, 2026:
Ivanti Secure Access Client — CVE-2026-7431 and CVE-2026-7432
Ivanti Xtraction — CVE-2026-8043
Ivanti Virtual Traffic Manager (vTM) — CVE-2026-8051
Ivanti Endpoint Manager (EPM) — CVE-2026-8109, CVE-2026-8110, CVE-2026-8111
Ivanti confirmed that none of these vulnerabilities have been exploited in the wild and that they do not affect any other Ivanti solutions.
Ivanti Secure Access Client
CVE-2026-7431 — Sensitive Log Data Exposure
A flaw in Ivanti Secure Access Client before 22.8R6 stems from incorrect permission assignment (CWE-732) on a shared memory section.
A local authenticated attacker can read or modify sensitive log data. The attack is local-only and requires no user interaction, limiting its blast radius but posing a real risk in multi-user or shared endpoint environments.
CVE-2026-7432 — Local Privilege Escalation to SYSTEM
A race condition (CWE-362) in Ivanti Secure Access Client before 22.8R6 lets a locally authenticated attacker win a timing window to escalate privileges to SYSTEM.
With full confidentiality, integrity, and availability impact, this is a classic LPE flaw that threat actors frequently chain with initial access exploits to achieve full machine takeover.
Ivanti Xtraction
CVE-2026-8043 — Path Traversal & Arbitrary File Write
The most severe vulnerability in this advisory batch affects Ivanti Xtraction before version 2026.2.
The flaw is classified under CWE-22 (Path Traversal) and CWE-73 (External Control of File Name): a remote authenticated attacker can read sensitive server-side files and write arbitrary HTML to the web directory, enabling stored cross-site scripting or web shell staging.
Ivanti Virtual Traffic Manager (vTM)
CVE-2026-8051 — OS Command Injection
An OS command injection flaw (CWE-78) exists in the admin interface of Ivanti Virtual Traffic Manager before 22.9r4.
A remote attacker with admin credentials can inject OS-level commands to achieve full remote code execution on the appliance.
While admin privileges are required (PR:H), vTM sits at a critical network chokepoint, making compromise of this device catastrophic for traffic routing and inspection.
Ivanti Endpoint Manager
CVE-2026-8109 — Credential Leakage
An exposed dangerous method (CWE-749) on the Ivanti Endpoint Manager Core Server before 2024 SU6 allows a remote authenticated attacker to exfiltrate access credentials from the server.
With a high confidentiality impact and no integrity or availability effect, this is a credential harvesting vector that could enable lateral movement or privilege escalation across managed endpoints.
CVE-2026-8110 — Agent Privilege Escalation
Incorrect permissions assignment (CWE-732) in the Ivanti EPM agent before 2024 SU6 allows a local authenticated attacker to escalate privileges on the endpoint.
Mirroring CVE-2026-7432 in attack pattern, this flaw is particularly dangerous in enterprise environments where EPM agents are deployed broadly across thousands of managed devices.
CVE-2026-8111 — SQL Injection Leading to RCE
A SQL injection vulnerability (CWE-89) in the Ivanti EPM web console before 2024 SU6 allows any remote authenticated attacker to achieve remote code execution — no admin rights required (PR:L).
This is the most dangerous network-facing EPM flaw in the batch; SQL injection-to-RCE chains in web consoles are well-documented, easy to weaponize, and frequently targeted by ransomware operators and nation-state actors alike.
Ivanti disclosed that its security team has integrated multiple large language models (LLMs) into its Engineering and Product Security Red Team workflows in recent months.
According to the company, these AI tools are proving effective at identifying vulnerability classes that traditional static and dynamic analysis tools, SAST and DAST, routinely miss.
Ivanti confirmed that several of the vulnerabilities disclosed today were discovered directly through AI-assisted review rather than conventional tooling.
The company acknowledged a pointed reality facing the entire industry: AI is compressing the time-to-exploit. Threat actors are leveraging automation and machine learning to weaponize newly disclosed flaws faster than ever before.
Ivanti’s answer is to use the same technology category offensively within its own red teams, finding and fixing issues before attackers can weaponize them.
Security teams running any of the four affected products should prioritize patching immediately, even in the absence of active exploitation.
Given Ivanti’s history as a high-value target for nation-state and ransomware threat actors, unpatched instances carry outsized risk.
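A triage sketch for the patching advice above, added here as an example and not taken from Ivanti or the article: it checks a constructed asset inventory against the fixed versions the article lists. The inventory rows, host names and the version-ordering rule (compare the integers in the string left to right) are assumptions.

```python
import re

# Fixed-in versions and CVE IDs exactly as listed in the article.
FIXED = {
    "Ivanti Secure Access Client": ("22.8R6", ["CVE-2026-7431", "CVE-2026-7432"]),
    "Ivanti Xtraction": ("2026.2", ["CVE-2026-8043"]),
    "Ivanti Virtual Traffic Manager": ("22.9r4", ["CVE-2026-8051"]),
    "Ivanti Endpoint Manager": ("2024 SU6",
                                ["CVE-2026-8109", "CVE-2026-8110", "CVE-2026-8111"]),
}

def version_key(text):
    """Assumed ordering rule: the integers in the string, left to right."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def is_older(installed, fixed):
    """True if installed sorts below fixed; numeric, so 22.10 > 22.8."""
    a, b = version_key(installed), version_key(fixed)
    width = max(len(a), len(b))
    pad = lambda t: t + (0,) * (width - len(t))  # "2024" counts as "2024 SU0"
    return pad(a) < pad(b)

def triage(inventory):
    """Return (host, product, installed, fixed_in, status, cves) per finding."""
    findings = []
    for host, product, installed in inventory:
        if product not in FIXED:
            continue  # product not covered by this advisory batch
        fixed, cves = FIXED[product]
        if not version_key(installed):
            # Never treat an unreadable version as patched.
            status = "version unreadable, check manually"
        elif is_older(installed, fixed):
            status = "below fixed version"
        else:
            continue
        findings.append((host, product, installed, fixed, status, cves))
    return findings

# Constructed inventory for illustration; not real hosts or real scan output.
INVENTORY = [
    ("vpn-laptop-01", "Ivanti Secure Access Client", "22.8R5"),
    ("vpn-laptop-02", "Ivanti Secure Access Client", "22.8R6"),
    ("report-01", "Ivanti Xtraction", "2026.1"),
    ("lb-edge-01", "Ivanti Virtual Traffic Manager", "22.9r4"),
    ("epm-core-01", "Ivanti Endpoint Manager", "2024 SU5"),
    ("epm-core-02", "Ivanti Endpoint Manager", "unknown"),
]

if __name__ == "__main__":
    for host, product, installed, fixed, status, cves in triage(INVENTORY):
        print(f"{host}: {product} {installed} -> {fixed} ({status}): {', '.join(cves)}")
```

Confirm the ordering rule against the version strings your inventory tool actually reports before relying on the output.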