Vulnerability intelligence

CVE-2023-46805

Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability

Ivanti Connect Secure and Policy Secure

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CVSS Score

8.2

High

EPSS — Exploit Probability

94%

Riskier than 100% of all CVEs

Exploitation

Confirmed in the wild

Used in ransomware campaigns

Remediation

Patch available

Federal deadline 2024-01-22

CISA required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2024-01-22.

NVD entry Vendor patch PoC / advisory CISA KEV

1 article across 1 outlet · first covered Apr 6, 2026 · latest Apr 6, 2026

Associated threat actors

Storm-1175

Coverage timeline

Storm-1175 hackers use fresh flaws to drop Medusa ransomware
www.microsoft.com · Apr 6, 2026

Related CVEs — Ivanti

CVE-2026-6973KEV CVE-2026-1340KEV CVE-2026-1281KEV