A critical authentication bypass vulnerability in Ivanti Endpoint Manager, tracked as CVE-2026-1603, is being actively exploited by attackers, according to the US Cybersecurity and Infrastructure Security Agency (CISA). The flaw affects EPM versions prior to 2024 SU5 and enables remote, unauthenticated attackers to leak stored credential data. CISA has warned that this vulnerability, patched on February 9, is now being exploited in the wild [1]. The agency has also updated its directive related to two Cisco Catalyst SD-WAN flaws that were recently fixed after being used in zero-day attacks. Active exploitation of CVE-2026-1603 makes prompt patching essential for organizations running affected Ivanti EPM versions: practitioners should prioritize this update to prevent credential leaks and subsequent attacks.
CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws
Why This Matters
CISA has flagged CVE-2026-1603 as actively exploited, and exploitation status is what determines whether a flaw is patch-now or monitor.
References
- CSO Online. (2026, March 11). CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws. *CSO Online*. https://www.csoonline.com/article/4143992/cisa-warns-of-actively-exploited-ivanti-epm-and-cisco-sd-wan-flaws.html