{"id":222104,"date":"2026-03-10T07:36:00","date_gmt":"2026-03-10T11:36:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/10\/recently-patched-ivanti-epm-flaw-now-actively-exploited\/"},"modified":"2026-03-10T17:05:17","modified_gmt":"2026-03-10T21:05:17","slug":"recently-patched-ivanti-epm-flaw-now-actively-exploited","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/10\/recently-patched-ivanti-epm-flaw-now-actively-exploited\/","title":{"rendered":"Recently patched Ivanti EPM flaw now actively exploited"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-recently-patched-ivanti-epm-flaw-now-actively-exploited\/\">Recently patched Ivanti EPM flaw now actively exploited<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-recently-patched-ivanti-epm-flaw-now-actively-exploited\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-recently-patched-ivanti-epm-flaw-now-actively-exploited\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-10 07:36:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks.<\/p>\n<p>Ivanti&#8217;s EPM software is an all-in-one endpoint management solution for managing client devices across Windows, macOS, Linux, Chrome OS, and IoT platforms.<\/p>\n<p>Tracked as CVE-2026-1603, this security flaw can be exploited by remote threat actors without privileges to bypass authentication and steal credential data in low-complexity cross-site scripting attacks that require no user interaction.<\/p>\n<p>Ivanti patched the vulnerability one month ago, when it released Ivanti EPM 2024 SU5, which also addresses an SQL injection flaw that allows remote, authenticated attackers to read arbitrary data from the database.<\/p>\n<p>While CISA has now tagged CVE-2026-1603 as exploited in the wild, Ivanti said it received no reports of exploitation when BleepingComputer reached out for confirmation on Monday.<\/p>\n<p>&#8220;We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program,&#8221; Ivanti says in the original advisory.<\/p>\n<p>At the moment, the Shadowserver threat monitoring platform tracks over 700 Internet-facing Ivanti EPM instances, most of them in North America. However, there is no information on how many of them are still vulnerable to CVE-2026-1603 attacks.<\/p>\n<p><img decoding=\"async\" alt=\"Ivanti EPM instances exposed on the internet\" height=\"369\" src=\"https:\/\/www.bleepstatic.com\/images\/news\/u\/1109292\/2026\/Ivanti%20EPM%20instances%20exposed%20on%20the%20internet.png\" width=\"700\"\/>Ivanti EPM instances exposed on the internet (Shadowserver)<\/p>\n<p>Although it didn&#8217;t provide any details on attacks exploiting this flaw, CISA added it to its Known Exploited Vulnerabilities (KEV) Catalog on Monday, warning that such security bugs are &#8220;frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.&#8221;<\/p>\n<p>The U.S. cybersecurity agency has also ordered Federal Civilian Executive Branch (FCEB) agencies to patch their systems within three weeks, by March 23, as mandated by a binding operational&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-recently-patched-ivanti-epm-flaw-now-actively-exploited\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently patched Ivanti EPM flaw now actively exploited https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-recently-patched-ivanti-epm-flaw-now-actively-exploited\/ Publish Date: 2026-03-10 07:36:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":222105,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2026\/03\/10\/Ivanti.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-222104","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222104"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=222104"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222104\/revisions"}],"predecessor-version":[{"id":222106,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222104\/revisions\/222106"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/222105"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=222104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=222104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=222104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}