www.cisa.gov 3/9/2026, 9:28:55 PM

CISA flags CVE-2026-1603 authentication bypass in Ivanti EPM

CyberSIXT Evidence Panel
Primary Source: hub.ivanti.com
CISA KEV: Listed in KEV
Patch: Patch Available
Threat Actor

According to CISA, the Known Exploited Vulnerabilities (KEV) Catalog lists CVE-2026-1603, an Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data. The entry notes that this vulnerability is related to CWE-288 and asks organisations to apply mitigations per vendor instructions, follow relevant cloud-service guidance, or discontinue use of the product if mitigations are unavailable.

The entry's Date Added is 9 March 2026 and its Due Date is 23 March 2026. The catalog lists "Known To Be Used in Ransomware Campaigns?" as Unknown. Links provided include advisories and CVE details for further context.


Article by CyberSIXT