Critical Ivanti ITSM Vulnerability Allows Admin Privilege Escalation
Ivanti has released patches for CVE-2026-9614, a critical vulnerability in its Neurons for ITSM platform that allows authenticated attackers to escalate privileges to administrator level.
Ivanti has disclosed a high-severity vulnerability, tracked as CVE-2026-9614, within its Ivanti Neurons for ITSM platform. This flaw, which carries a CVSS score of 8.8, enables authenticated attackers to escalate their privileges to administrator level, posing a significant risk to enterprise environments. The vulnerability is rooted in improper access control mechanisms (CWE-284) and can be exploited remotely by an attacker with valid credentials, requiring no user interaction.
The attack vector is characterized by low complexity and can be executed over the network, potentially impacting the confidentiality, integrity, and availability of sensitive data and system configurations. Ivanti Neurons for ITSM is a widely adopted platform for managing IT service workflows, including ticketing, asset tracking, and automation. Gaining administrative access to such a system could expose critical organizational data and allow threat actors to establish persistent backdoors or manipulate system settings.
This vulnerability specifically affects on-premises versions of Ivanti Neurons for ITSM, including 2025.4 and earlier. Ivanti has responded by releasing patches for version 2025.4 Patch 1, and has also backported fixes to versions 2025.3 Patch 1 and 2025.2 Patch 1. For organizations running these affected on-premises deployments, prompt application of these patches is strongly advised.
Cloud-based deployments of Ivanti Neurons for ITSM have already been secured. Ivanti confirmed that fixes were deployed across all cloud environments during updates rolled out on May 24 and 25, specifically within versions 2026.1 Patch 9 and 2026.2 Patch 1. While additional updates were later issued to address a separate logging issue, these are distinct from the core privilege escalation vulnerability.
At the time of its disclosure, Ivanti stated that there was no evidence of active exploitation of CVE-2026-9614 in the wild. However, due to the ease of exploitation and the potential for severe impact, the company issued an out-of-band security advisory to encourage rapid remediation efforts. No public indicators of compromise (IOCs) have been released in connection with this vulnerability.
Security teams are urged to prioritize patching this vulnerability and to conduct thorough internal reviews of their role-based access controls. Ensuring that administrative privileges are strictly limited to authorized personnel is a crucial mitigation step, as misconfigured roles could exacerbate the risk of exploitation. Given the critical role ITSM platforms play in daily operations, timely remediation is essential to prevent potential abuse by malicious actors.