Cyber Resilience

CVE-2026-8109

Medium

Published: 12 May 2026

Published
12 May 2026
Modified
12 May 2026
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0012 30.2th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-8109 is a medium-severity Exposed Dangerous Method or Function (CWE-749) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked at the 30.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Exposed dangerous method directly enables remote authenticated credential leakage, mapping to Unsecured Credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

Affected Assets

ivanti
endpoint manager
2024 · ≤ 2022

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-749

Explicitly prohibiting dangerous or unnecessary functions and services prevents exposure of methods that could be directly exploited.

addresses: CWE-749

Minimal functionality removes or avoids exposure of dangerous methods and functions.

References