Ivanti Patches High-Severity Privilege Escalation Flaw in DSM Software
Ivanti has released a security update for its Desktop and Server Management (DSM) software, addressing a high-severity privilege escalation vulnerability (CVE-2026-3483) with a CVSS score of 7.8. The flaw affects all DSM versions up to and including 2026.1 and stems from an exposed dangerous method (CWE-749), allowing a local authenticated attacker to gain elevated privileges on vulnerable systems.
The vulnerability requires low attack complexity and no user interaction, making it easily exploitable once an attacker gains initial access. Successful exploitation could enable threat actors to compromise the confidentiality, integrity, and availability of affected systems, which is particularly critical in enterprise environments where DSM manages large-scale endpoints and servers.
Ivanti has resolved the issue in DSM version 2026.1.1, available via the Ivanti License System (ILS). The company confirmed no active exploitation at the time of disclosure, as the flaw was reported through its responsible disclosure program. No indicators of compromise (IOCs) have been identified.
Organizations using affected versions are advised to upgrade immediately to mitigate risk. Additional details are available in Ivanti’s release notes and upgrade documentation.
Source: https://cybersecuritynews.com/ivanti-desktop-and-server-management-vulnerability/
Ivanti cybersecurity rating report: https://www.rankiteo.com/company/ivanti
"id": "IVA1773167087",
"linkid": "ivanti",
"type": "Vulnerability",
"date": "3/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"