CVE-2026-1602 is a SQL injection vulnerability in Ivanti Endpoint Manager prior to version 2024 SU5. This vulnerability allows remote authenticated attackers to read arbitrary data from the database, which can lead to unauthorized access to sensitive information. The CVSS score of 6.5 indicates a medium severity level, emphasizing the need for organizations to take action.
Organizations that utilize Ivanti Endpoint Manager should be aware that this vulnerability poses a significant risk. Attackers may leverage this vulnerability to gain access to sensitive information, which can be detrimental to the organization’s security posture. It is crucial for defenders to act swiftly in addressing this issue.
The vulnerability was published on February 10, 2026, and its analysis status is listed as reported. Organizations should prioritize patching immediately: updating to version 2024 SU5 or later is essential to mitigate the risk associated with this vulnerability.
Given that this vulnerability is classified under CWE-89, it aligns with known SQL injection weaknesses, which remain a prevalent threat in modern web applications. Organizations should assess their configurations and ensure that they are not susceptible to such attacks.
Organizations should also consider implementing additional security measures such as input validation and regular security assessments to further protect their systems.
Vulnerability Details
The vulnerability is explicitly described as SQL injection in the Ivanti Endpoint Manager, allowing a remote authenticated attacker to read arbitrary data from the database. The CVSS score of 6.5 indicates a medium severity level, with a high confidentiality impact and no integrity or availability impact. The affected product is Ivanti Endpoint Manager, and the vulnerability affects all versions prior to vendor patch version 2024 SU5.
Technical Analysis
The root cause of this vulnerability is insufficient input validation, which allows attackers to inject malicious SQL queries. The attack vector is network-based and the attack complexity is low; an attacker with low privileges can exploit the vulnerability without user interaction. The confidentiality impact is high, as sensitive data could be exposed, while integrity and availability are not affected.
Risk & Impact Analysis
Risk to organizations includes unauthorized access to sensitive data, potentially leading to data breaches and compliance violations. The blast radius could be significant, particularly for organizations managing extensive data within Ivanti Endpoint Manager. Given the medium severity score and the lack of active exploitation reported, organizations should evaluate their exposure and prioritize remediation in their patch cycle.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The affected versions of Ivanti Endpoint Manager are all versions prior to 2024 SU5. Organizations should ensure they are running this version or later to mitigate the risk associated with this vulnerability.
Mitigation & Remediation
Organizations should prioritize updating to Ivanti Endpoint Manager version 2024 SU5 or later. If immediate patching is not feasible, consider implementing input validation measures and monitoring for unusual database queries as workarounds. For further guidance on security practices, organizations may refer to application security assessment to strengthen their defenses.
Detection Guidance
Organizations should monitor logs for anomalies related to SQL queries and any unauthorized access attempts. Behavioral anomalies in user interactions with the database should also be flagged for review. Implementing network signatures to detect exploit attempts is recommended.
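One way to start on the log monitoring described above, as an added example that is not part of the original advisory or Ivanti's tooling: a small scanner that reads W3C extended web-server log lines, URL-decodes each query string, and reports requests carrying SQL syntax together with the account that sent them. The advisory does not name the affected endpoint, so the `/example/report.aspx` path, the field layout and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample (not real Ivanti EPM traffic): W3C extended log lines.
# The path, parameters, accounts and addresses are placeholders.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2026-02-11 09:14:02 GET /example/report.aspx id=42 CORP\\alice 10.0.0.15 200
2026-02-11 09:14:09 GET /example/report.aspx id=42%27+UNION+SELECT+name+FROM+sys.tables-- CORP\\bob 10.0.0.23 200
2026-02-11 09:15:30 GET /example/report.aspx name=O%27Brien CORP\\carol 10.0.0.31 200
2026-02-11 09:16:44 GET /example/report.aspx id=1%3BWAITFOR+DELAY+%270:0:5%27 - 10.0.0.99 401
"""

# Indicator name -> pattern applied to the URL-decoded query string.
INDICATORS = {
    "union_select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I),
    # A quote followed by SQL syntax; a bare apostrophe (O'Brien) does not match.
    "quote_then_sql": re.compile(r"'\s*(?:or|and|union)\b|'\s*(?:;|--)", re.I),
    "time_delay": re.compile(r"\bwaitfor\s+delay\b", re.I),
    "catalog_access": re.compile(r"\b(?:sys|information_schema)\.\w+", re.I),
    "comment_terminator": re.compile(r"(?:--|/\*)\s*$"),
}

def scan(log_text):
    """Return one finding per request whose query string matches an indicator."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue                           # skip directives and headerless input
        row = dict(zip(fields, line.split(" ")))
        query = unquote_plus(row.get("cs-uri-query", "-"))
        hits = [name for name, rx in INDICATORS.items() if rx.search(query)]
        if hits:
            user = row.get("cs-username", "-")
            findings.append({
                "time": f'{row.get("date", "")} {row.get("time", "")}',
                "user": user,
                "authenticated": user != "-",  # this CVE requires an authenticated session
                "client": row.get("c-ip", "-"),
                "indicators": hits,
            })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Pattern matching of this kind is a triage aid: it misses encoded or obfuscated input and should be paired with database-side query auditing.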
AppSecure Threat Intelligence Insight
This vulnerability highlights the ongoing challenges organizations face with SQL injection threats. Security teams should learn from this incident and enhance their input validation practices. Continuous assessments of application security posture are critical for proactive defense.
For organizations looking to enhance their security measures, consider exploring our red teaming services or our continuous penetration testing to identify vulnerabilities in your systems.
Finally, organizations should stay informed about threat landscapes by following our insights on emerging vulnerabilities and trends in security, which can be found on our blog.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
