Multiple Vulnerabilities in Ivanti Endpoint Manager Could Allow for Authentication Bypass

Multiple vulnerabilities in Ivanti Endpoint Manager (pre-2024 SU5) include an unauthenticated authentication bypass (CVE-2026-1603) capable of leaking stored credential data and an authenticated SQL injection (CVE-2026-1602) that can read arbitrary database contents; both are classified as initial access via exploitation of a public-facing application and could enable credential compromise and data exposure. Organizations should prioritize patching to 2024 SU5 or applying mitigations to prevent unauthorized access and data leakage.