Ivanti Discloses High-Severity Privilege Escalation Flaw in Neurons for ITSM
Ivanti has revealed a high-severity improper access control vulnerability, CVE-2026-9614, affecting its Neurons for ITSM platform in both cloud and on-premises deployments. With a CVSS score of 8.8, the flaw allows authenticated attackers with low-level privileges to escalate to administrator access, potentially compromising entire IT service management environments.
The vulnerability, classified under CWE-284 (Improper Access Control), is particularly concerning due to its low attack complexity requiring only network access, minimal authentication, and no user interaction. An attacker exploiting this flaw could gain full administrative rights, posing significant risks to organizational infrastructure.
Ivanti published the security advisory on June 1, 2026, confirming that no active exploitation has been observed but warning of the elevated risk, given the platform’s historical targeting by advanced persistent threat (APT) actors. Previous incidents, such as the 2025 exploitation of CVE-2025-0282 in Ivanti Connect Secure, demonstrated how attackers leveraged vulnerabilities to deploy web shells, disable security controls, and evade detection.
Affected Versions & Mitigation:
- On-premises: Versions 2025.4 and prior require manual patching (2025.4 Patch 1, 2025.3 Patch 1, or 2025.2 Patch 1).
- Cloud (SaaS): Versions 2026.1 and prior were silently patched by Ivanti on May 24–25, 2026, with no customer action required.
Ivanti recommends on-premises customers apply patches immediately and monitor for unusual privilege changes or admin-level API activity. Despite no confirmed exploitation, the low attack complexity and Ivanti’s history as a high-value target underscore the urgency of remediation.
Source: https://cyberpress.org/ivanti-itsm-vulnerability/
Ivanti cybersecurity rating report: https://www.rankiteo.com/company/ivanti
"id": "IVA1780490432",
"linkid": "ivanti",
"type": "Vulnerability",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'IT Service Management (ITSM)',
'name': 'Ivanti',
'type': 'Company'}],
'attack_vector': 'Network',
'customer_advisories': 'On-premises customers urged to apply patches; cloud '
'customers informed of silent patching',
'date_publicly_disclosed': '2026-06-01',
'description': 'Ivanti has revealed a high-severity improper access control '
'vulnerability, CVE-2026-9614, affecting its Neurons for ITSM '
'platform in both cloud and on-premises deployments. The flaw '
'allows authenticated attackers with low-level privileges to '
'escalate to administrator access, potentially compromising '
'entire IT service management environments.',
'impact': {'operational_impact': 'Potential compromise of entire IT service '
'management environments',
'systems_affected': 'Neurons for ITSM (cloud and on-premises)'},
'investigation_status': 'No active exploitation observed',
'post_incident_analysis': {'corrective_actions': 'Patching, enhanced '
'monitoring for privilege '
'escalation',
'root_causes': 'Improper access control (CWE-284)'},
'recommendations': 'Apply patches immediately, monitor for unusual privilege '
'changes or admin-level API activity',
'references': [{'date_accessed': '2026-06-01',
'source': 'Ivanti Security Advisory'}],
'response': {'communication_strategy': 'Security advisory published on June '
'1, 2026',
'containment_measures': 'Patching (on-premises: 2025.4 Patch 1, '
'2025.3 Patch 1, or 2025.2 Patch 1; '
'cloud: silently patched by Ivanti)',
'enhanced_monitoring': 'Monitor for unusual privilege changes or '
'admin-level API activity',
'remediation_measures': 'Apply patches immediately, monitor for '
'unusual privilege changes or '
'admin-level API activity'},
'title': 'Ivanti Discloses High-Severity Privilege Escalation Flaw in Neurons '
'for ITSM',
'type': 'Privilege Escalation',
'vulnerability_exploited': 'CVE-2026-9614 (CWE-284: Improper Access Control)'}