Cyber Resilience

CVE-2026-8110

HighLPE

Published: 12 May 2026

Published
12 May 2026
Modified
12 May 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 7.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-8110 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Ivanti Endpoint Manager. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local authenticated privilege escalation via incorrect permissions assignment directly matches Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-13164Same product: Ivanti Endpoint Manager
CVE-2024-13169Same product: Ivanti Endpoint Manager
CVE-2024-13171Same product: Ivanti Endpoint Manager
CVE-2024-13172Same product: Ivanti Endpoint Manager
CVE-2024-13167Same product: Ivanti Endpoint Manager
CVE-2024-13158Same product: Ivanti Endpoint Manager
CVE-2025-9872Same product: Ivanti Endpoint Manager
CVE-2024-13163Same product: Ivanti Endpoint Manager
CVE-2025-13659Same product: Ivanti Endpoint Manager
CVE-2026-1603Same product: Ivanti Endpoint Manager

Affected Assets

ivanti
endpoint manager
2024 · ≤ 2022

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-732

Procedures support proper permission assignment for critical resources through documented controls.

addresses: CWE-732

Attribute management for resources provides a mechanism to assign and maintain correct permissions based on security labels.

addresses: CWE-732

Prevents overly permissive assignments to critical resources by limiting to task needs.

addresses: CWE-732

Training policy covers correct permission assignment, reducing the ability to exploit incorrect permission assignments for critical resources.

addresses: CWE-732

Training on permission management reduces incorrect permission assignments for critical resources.

addresses: CWE-732

Audit logs and logging tools are critical resources whose protection requires correct permission assignments to block unauthorized actions.

addresses: CWE-732

Assessments review permission assignments on critical resources to confirm correctness, mitigating exploitation via incorrect permissions.

addresses: CWE-732

Certification includes checking that permissions on critical resources are correctly assigned.

References