VYPR
Medium severity6.5NVD Advisory· Published May 12, 2026· Updated May 12, 2026

CVE-2026-8109

CVE-2026-8109

Description

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.

Affected products

9
  • cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*range: <=2022
    • cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*
    • cpe:2.3:a:ivanti:endpoint_manager:2024:su1:*:*:*:*:*:*
    • cpe:2.3:a:ivanti:endpoint_manager:2024:su2:*:*:*:*:*:*
    • cpe:2.3:a:ivanti:endpoint_manager:2024:su3:*:*:*:*:*:*
    • cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1:*:*:*:*:*:*
    • cpe:2.3:a:ivanti:endpoint_manager:2024:su4:*:*:*:*:*:*
    • cpe:2.3:a:ivanti:endpoint_manager:2024:su4_security_release_1:*:*:*:*:*:*
    • cpe:2.3:a:ivanti:endpoint_manager:2024:su5:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

1

News mentions

1