Cyber Resilience

CVE-2026-3483

High

Published: 10 March 2026

Modified: 12 March 2026
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (21.4th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-3483 is a high-severity Exposed Dangerous Method or Function (CWE-749) vulnerability in Ivanti Desktop & Server Management. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 21.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-3483 is a vulnerability involving an exposed dangerous method in Ivanti DSM versions prior to 2026.1.1. This flaw allows a local authenticated attacker to escalate their privileges. It carries a CVSS v3.1 base score of 7.8, with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and is categorized under CWE-749 (Exposed Dangerous Method or Function). The vulnerability was published on 2026-03-10.

A local attacker with low privileges (PR:L) can exploit this issue with low attack complexity and no user interaction. Exploitation requires local access to the system but enables high impacts on confidentiality, integrity, and availability, typically resulting in full privilege escalation for the attacker.

Ivanti has published a security advisory detailing the issue at https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-DSM-CVE-2026-3483?language=en_US. Mitigation involves updating Ivanti DSM to version 2026.1.1 or later, as the vulnerability affects only prior releases.

Vulnerability details

An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local authenticated privilege escalation via exposed dangerous method (CWE-749) directly enables T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0283 (Same vendor: Ivanti)
CVE-2024-13164 (Same vendor: Ivanti)
CVE-2024-13169 (Same vendor: Ivanti)
CVE-2024-10630 (Same vendor: Ivanti)
CVE-2025-22454 (Same vendor: Ivanti)
CVE-2026-8110 (Same vendor: Ivanti)
CVE-2026-5786 (Same vendor: Ivanti)
CVE-2025-22467 (Same vendor: Ivanti)
CVE-2025-8310 (Same vendor: Ivanti)
CVE-2025-55142 (Same vendor: Ivanti)

Affected Assets

ivanti
desktop & server management
≤ 2026.1.1

Mitigating Controls (NIST 800-53 r5)

Prevent: Requires timely identification, reporting, and correction of flaws like the exposed dangerous method, directly mitigated by patching Ivanti DSM to version 2026.1.1 or later.

Prevent: Employs least privilege to restrict local authenticated low-privilege attackers from accessing or exploiting the dangerous method for privilege escalation.

Prevent: Enforces approved authorizations for logical access, preventing low-privileged local users from invoking the exposed dangerous method.

References