CVE- 2026-1603 is described as a high-severity authentication bypass in Ivanti Endpoint Manager (EPM) before version 2024 SU5, allowing a remote unauthenticated attacker to leak specific stored credential data and potentially broaden compromise across a network. Ivanti EPM releases addressed two flaws, the other being CVE-2026-1602, a medium-severity SQL injection (CVSS 6.5) that would let a remote attacker who already has some access read arbitrary data from the database.
The advisory notes that an unauthenticated attacker can bypass security checks and access stored secrets without stealing a password first, highlighting the risk of credential theft and lateral movement. The article quotes the advisory and confirms that, at the time of disclosure, there was no evidence of active exploitation, with Ivanti stating they were not aware of customers being exploited. Administrators are urged to upgrade to version 2024 SU5 to mitigate these gaps and reduce data exposure.
According to Security Advisory-EPM-February-2026-for-EPM-2024?language=en_US, the authentication bypass allows a remote unauthenticated attacker to leak specific stored credential data.