Published on June 3, 2026
Ivanti ITSM Vulnerability Allows Attacker to Gain Admin Privileges
Severity
High
Detail
A high-severity vulnerability has been identified in Ivanti Neurons for ITSM, affecting both cloud and on-premises deployments. The flaw, tracked as CVE-2026-9614, is an improper access control vulnerability that allows an authenticated remote attacker with low-level privileges to escalate privileges and gain administrator-level access to affected environments. According to Ivanti, this flaw can be exploited over a network without user interaction. It poses a significant threat, potentially resulting in the complete compromise of confidentiality, integrity, and availability within the ITSM platform.
Successful exploitation could allow attackers to bypass access restrictions, obtain administrative privileges, manipulate IT service workflows, access sensitive organizational data, modify system configurations, create unauthorized accounts, and potentially use the platform as a pivot point for further attacks within the enterprise environment.
Ivanti disclosed the vulnerability through a security advisory. Although no active exploitation has been reported at the time of disclosure, Ivanti products remain attractive targets for threat actors due to their extensive integration with enterprise infrastructure and privileged operational functions.
| CVE ID | Summary | CVSS Score |
| --- | --- | --- |
| CVE-2026-9614 | Improper access control vulnerability allowing an authenticated attacker with low-level privileges to escalate privileges and gain administrator-level access in Ivanti Neurons for ITSM. | 8.8 (High) |
Affected Products
The vulnerability affects the following platform versions:
- Ivanti Neurons for ITSM On-Premises: Version 2025.4 and earlier.
- Ivanti Neurons for ITSM Cloud (SaaS): Version 2026.1 and earlier.
Recommendation
Organizations are strongly advised to take the following actions to mitigate the risk of exploitation and reduce potential impact:
- On-premises customers must manually download and apply the appropriate patch (2025.4 Patch 1, 2025.3 Patch 1, or 2025.2 Patch 1) from the Ivanti License System (ILS).
- Monitor ITSM environments for suspicious privilege escalation attempts and unusual administrative activity.
- Audit system logs for unexpected account creation, role modifications, or administrative API usage.
- Restrict network exposure of ITSM management interfaces and enforce least-privilege access controls.
For cloud (SaaS) customers, no action is required as Ivanti has already applied the necessary security updates to all managed cloud environments.
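The log audit recommended above can be automated along these lines. This is an added example, not Ivanti tooling: the JSON event schema, field names, role names and sample accounts are constructed assumptions, so real ITSM audit records would first need to be mapped into this shape.

```python
import json

ADMIN = "admin"  # assumption: admin role name in this constructed schema

# Constructed sample events (hypothetical normalized JSON lines, not a vendor log format).
SAMPLE_LOG = """
{"ts":"2026-06-04T09:00:01Z","actor":"alice","action":"role_change","target":"bob","new_role":"analyst"}
{"ts":"2026-06-04T09:14:37Z","actor":"jdoe","action":"role_change","target":"jdoe","new_role":"admin"}
{"ts":"2026-06-04T09:15:02Z","actor":"jdoe","action":"account_create","target":"svc-sync2","new_role":"admin"}
{"ts":"2026-06-04T09:16:40Z","actor":"svc-sync2","action":"admin_api","target":"config_export"}
{"ts":"2026-06-04T10:02:11Z","actor":"alice","action":"admin_api","target":"config_export"}
"""

def audit(lines, baseline_roles):
    """Replay events in order; return (ts, action, actor, target, reason) findings."""
    roles = dict(baseline_roles)  # role per account, updated as events are replayed
    tainted = set()               # accounts that gained admin through a flagged event
    findings = []

    def reason_for(actor):
        if roles.get(actor) != ADMIN:
            return "non_admin_actor"
        if actor in tainted:
            return "tainted_actor"
        return None

    for raw in lines:
        if not raw.strip():
            continue
        ev = json.loads(raw)
        actor, action, target = ev["actor"], ev["action"], ev["target"]
        new_role = ev.get("new_role")
        reason = reason_for(actor)
        grants_admin = new_role == ADMIN
        # Administrative API use and account creation are admin-only in this model;
        # role changes are flagged only when they hand out the admin role.
        sensitive = action in ("admin_api", "account_create") or (
            action == "role_change" and grants_admin)
        if reason and sensitive:
            findings.append((ev["ts"], action, actor, target, reason))
            if grants_admin:
                tainted.add(target)  # follow what the new admin does next
        if action in ("role_change", "account_create"):
            roles[target] = new_role
    return findings

if __name__ == "__main__":
    baseline = {"alice": "admin", "bob": "self_service", "jdoe": "self_service"}
    for finding in audit(SAMPLE_LOG.splitlines(), baseline):
        print(finding)
```

The baseline role map should come from a snapshot taken before the exposure window, so that an account elevated through the flaw is not treated as a legitimate administrator.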
Source
