**Multiple Endpoint Manager Bugs Patched by Ivanti, Including Remote Auth Bypass**

Ivanti has released patches for over a dozen vulnerabilities in its Endpoint Manager solution, including a high-severity authentication bypass that allowed attackers to steal credentials remotely.

The update addresses a critical flaw tracked as CVE-2026-1603 (CVSS score of 8.6), which allowed attackers to bypass authentication and access sensitive login information without credentials.

The vulnerability, disclosed in October 2025, affects Ivanti Endpoint Manager versions prior to 2024 SU5, allowing a remote unauthenticated attacker to leak specific stored credential data.

In addition to the authentication bypass, Ivanti has also fixed a medium-severity SQL injection tracked as CVE-2026-1602 (CVSS score of 6.5), which enabled a remote authenticated attacker to read arbitrary data from the database.

The flaws were reported by Trend Micro's ZDI in November 2024, and threat actors could have exploited them to escalate privileges and run code remotely. However, Ivanti stated that it is not aware of any attacks in the wild exploiting these vulnerabilities before public disclosure.

The patches for both vulnerabilities are included in EPM 2024 SU5. In December, the software firm addressed a newly disclosed vulnerability tracked as CVE-2025-10573 (CVSS score of 9.6) in its Endpoint Manager solution.

The vulnerability is a stored cross-site scripting (XSS) flaw that allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session, requiring user interaction.

The flaw impacts Ivanti Endpoint Manager prior to version 2024 SU4 SR1. It is essential for organizations using Ivanti's Endpoint Manager solution to update their systems as soon as possible to ensure the security and integrity of their networks.