[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-1603":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-07T09:11:40.124Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":54,"aliases":55,"duplicate_of":9,"upstream":56,"downstream":57,"duplicates":58,"related":59,"reserved_at":9,"published_at":60,"modified_at":61,"state":62,"summary":63,"references_raw":74,"kevs":87,"epss":98,"epss_history":101,"metrics":261,"affected":272},"CVE-2026-1603","An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.",null,[11,27],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-288","Authentication Bypass Using an Alternate Path or Channel","The product requires authentication, but the product has an alternate path or channel that does not require authentication.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-127","Directory Indexing",[],{"id":24,"name":25,"techniques":26},"CAPEC-665","Exploitation of Thunderbolt Protection Flaws",[],{"_key":28,"id":28,"name":29,"description":30,"type":15,"status":31,"abstraction":17,"likelihood_of_exploit":32,"capec":33},"CWE-306","Missing Authentication for Critical Function","The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.","Draft","High",[34,38,42,46,50],{"id":35,"name":36,"techniques":37},"CAPEC-12","Choosing Message Identifier",[],{"id":39,"name":40,"techniques":41},"CAPEC-166","Force the System to Reset Values",[],{"id":43,"name":44,"techniques":45},"CAPEC-216","Communication Channel Manipulation",[],{"id":47,"name":48,"techniques":49},"CAPEC-36","Using Unpublished Interfaces or Functionality",[],{"id":51,"name":52,"techniques":53},"CAPEC-62","Cross Site Request Forgery",[],[],[],[],[],[],[],"2026-02-10T15:09:35.459Z","2026-03-10T03:55:23.819Z","Analyzed",{"cisa_kev":64,"cisa_ransomware":65,"cisa_vendor":66,"epss_severity":67,"epss_score":68,"severity":69,"severity_score":70,"severity_version":71,"severity_source":72,"severity_vector":73,"severity_status":62},true,false,"Ivanti","critical",0.57911,"high",8.6,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",[75,81],{"url":76,"sources":77,"tags":79},"https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US",[72,78],"nvd",[80],"Vendor Advisory",{"url":82,"sources":83,"tags":84},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1603",[72,78],[85,86],"Government Resource","US Government Resource",[88],{"source":89,"vendor":66,"product":90,"date_added":91,"vulnerability_name":92,"short_description":93,"required_action":94,"due_date":95,"known_ransomware_campaign_use":96,"notes":97,"exploitation_type":9},"cisa","Endpoint Manager (EPM)","2026-03-09","Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability","Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-03-23","Unknown","https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603",{"date":99,"score":68,"percentile":100},"2026-04-06",0.98172,[102,106,109,113,116,119,123,127,131,135,138,141,143,146,148,151,153,156,158,161,164,167,170,173,176,179,181,182,186,190,192,195,199,201,204,207,210,213,216,220,222,224,227,230,233,236,239,242,244,247,249,252,255,258,260],{"date":103,"score":104,"percentile":105},"2026-02-11",0.00155,0.36261,{"date":107,"score":104,"percentile":108},"2026-02-12",0.36288,{"date":110,"score":111,"percentile":112},"2026-02-13",0.0018,0.39532,{"date":114,"score":111,"percentile":115},"2026-02-14",0.39525,{"date":117,"score":111,"percentile":118},"2026-02-15",0.39503,{"date":120,"score":121,"percentile":122},"2026-02-16",0.00215,0.43804,{"date":124,"score":125,"percentile":126},"2026-02-17",0.10144,0.92935,{"date":128,"score":129,"percentile":130},"2026-02-18",0.13358,0.94012,{"date":132,"score":133,"percentile":134},"2026-02-19",0.11742,0.93538,{"date":136,"score":133,"percentile":137},"2026-02-20",0.93541,{"date":139,"score":133,"percentile":140},"2026-02-21",0.93547,{"date":142,"score":133,"percentile":140},"2026-02-22",{"date":144,"score":133,"percentile":145},"2026-02-23",0.93548,{"date":147,"score":133,"percentile":145},"2026-02-24",{"date":149,"score":133,"percentile":150},"2026-02-25",0.93549,{"date":152,"score":133,"percentile":145},"2026-02-26",{"date":154,"score":133,"percentile":155},"2026-02-27",0.93551,{"date":157,"score":133,"percentile":155},"2026-02-28",{"date":159,"score":133,"percentile":160},"2026-03-01",0.93585,{"date":162,"score":133,"percentile":163},"2026-03-02",0.93589,{"date":165,"score":133,"percentile":166},"2026-03-03",0.93593,{"date":168,"score":133,"percentile":169},"2026-03-04",0.93558,{"date":171,"score":133,"percentile":172},"2026-03-05",0.93567,{"date":174,"score":133,"percentile":175},"2026-03-06",0.9357,{"date":177,"score":133,"percentile":178},"2026-03-07",0.93571,{"date":180,"score":133,"percentile":178},"2026-03-08",{"date":91,"score":133,"percentile":178},{"date":183,"score":184,"percentile":185},"2026-03-10",0.6772,0.98546,{"date":187,"score":188,"percentile":189},"2026-03-11",0.4388,0.97468,{"date":191,"score":188,"percentile":189},"2026-03-12",{"date":193,"score":188,"percentile":194},"2026-03-13",0.9747,{"date":196,"score":197,"percentile":198},"2026-03-14",0.45724,0.9756,{"date":200,"score":197,"percentile":198},"2026-03-15",{"date":202,"score":197,"percentile":203},"2026-03-16",0.97563,{"date":205,"score":197,"percentile":206},"2026-03-17",0.97569,{"date":208,"score":197,"percentile":209},"2026-03-18",0.9757,{"date":211,"score":197,"percentile":212},"2026-03-19",0.97571,{"date":214,"score":197,"percentile":215},"2026-03-20",0.97574,{"date":217,"score":218,"percentile":219},"2026-03-21",0.65389,0.98464,{"date":221,"score":218,"percentile":219},"2026-03-22",{"date":95,"score":218,"percentile":223},0.98466,{"date":225,"score":218,"percentile":226},"2026-03-24",0.98467,{"date":228,"score":218,"percentile":229},"2026-03-25",0.98468,{"date":231,"score":218,"percentile":232},"2026-03-26",0.98469,{"date":234,"score":218,"percentile":235},"2026-03-27",0.98472,{"date":237,"score":218,"percentile":238},"2026-03-28",0.98473,{"date":240,"score":218,"percentile":241},"2026-03-29",0.98474,{"date":243,"score":218,"percentile":241},"2026-03-30",{"date":245,"score":218,"percentile":246},"2026-03-31",0.98475,{"date":248,"score":218,"percentile":241},"2026-04-01",{"date":250,"score":218,"percentile":251},"2026-04-02",0.98476,{"date":253,"score":218,"percentile":254},"2026-04-03",0.98477,{"date":256,"score":218,"percentile":257},"2026-04-04",0.9848,{"date":259,"score":218,"percentile":257},"2026-04-05",{"date":99,"score":68,"percentile":100},[262,267],{"source":72,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":263,"cvss_v4_0":9},{"baseScore":70,"baseSeverity":264,"vectorString":73,"impactScore":265,"exploitabilityScore":266},"HIGH",6.7,10,{"source":78,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":268,"cvss_v4_0":9},{"baseScore":269,"baseSeverity":264,"vectorString":270,"impactScore":271,"exploitabilityScore":266},7.5,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",6,[273],{"ecosystem":9,"name":274,"vendor":275,"product":276,"cpe_part":277,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":278},"endpoint manager","ivanti","endpoint_manager","a",[279,282,286,287,289,291,293,295,297],{"version":280,"is_range":65,"range_type":281,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2024:su4_sr1","cpe",{"version":283,"is_range":64,"range_type":281,"version_start":9,"version_start_type":9,"version_end":284,"version_end_type":285,"fixed_in":9},"lt2024","2024","excluding",{"version":284,"is_range":65,"range_type":281,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":288,"is_range":65,"range_type":281,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2024:su1",{"version":290,"is_range":65,"range_type":281,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2024:su2",{"version":292,"is_range":65,"range_type":281,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2024:su3",{"version":294,"is_range":65,"range_type":281,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2024:su3_security_release_1",{"version":296,"is_range":65,"range_type":281,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2024:su4",{"version":298,"is_range":65,"range_type":281,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2024:su4_security_release_1"]