ANAVEM
FR
Cybersecurity analysts monitoring network threats in government operations center
HighVulnerabilities

CISA adds Ivanti EPM flaw to exploited vulnerabilities list

CISA ordered federal agencies to patch a high-severity Ivanti Endpoint Manager vulnerability within three weeks after confirming active exploitation.

Emanuel DE ALMEIDA 10 Mar 2026, 12:36 2 min read 6 views 0 Comments

Last updated 11 Mar 2026, 00:44

Key Takeaways

  • Threat: Ivanti EPM vulnerability actively exploited in attacks
  • Impact: Federal agencies must patch within 21 days
  • CVE: Added to CISA's Known Exploited Vulnerabilities catalog
  • Severity: High-severity authentication bypass flaw

CISA Flags Active Ivanti EPM Exploitation

The Cybersecurity and Infrastructure Security Agency added a high-severity Ivanti Endpoint Manager vulnerability to its Known Exploited Vulnerabilities catalog on March 10, 2026. The agency confirmed attackers are actively exploiting the flaw in the wild.

CISA issued a binding operational directive requiring all federal agencies to patch affected systems within 21 days. The vulnerability allows attackers to bypass authentication mechanisms in Ivanti's endpoint management platform.

Federal Agencies Face Mandatory Patching

All U.S. federal civilian executive branch agencies running Ivanti Endpoint Manager must comply with the patching deadline. The directive applies to any government systems using the affected EPM versions.

Private sector organizations using Ivanti EPM should also prioritize patching, though they're not bound by the federal mandate. The Hacker News reported that multiple vulnerabilities across different vendors were added to the catalog simultaneously.

Exploitation Confirmed in Government Systems

CISA's decision to add the vulnerability stems from evidence of active exploitation targeting government infrastructure. The agency's Known Exploited Vulnerabilities catalog only includes flaws with confirmed in-the-wild abuse.

Federal agencies must patch by March 31, 2026, or disconnect affected systems from their networks. Security Affairs noted this addition was part of a broader update that included vulnerabilities from SolarWinds and Omnissa Workspace One.

Frequently Asked Questions

What is the CISA KEV catalog deadline for Ivanti EPM?
Federal agencies must patch Ivanti Endpoint Manager systems by March 31, 2026, or disconnect them from networks.
Is the Ivanti EPM vulnerability being actively exploited?
Yes, CISA confirmed attackers are actively exploiting this high-severity authentication bypass flaw in the wild.
Who must comply with the Ivanti EPM patching directive?
All U.S. federal civilian executive branch agencies running Ivanti Endpoint Manager must patch within 21 days.
#ivanti-epm#cisa-kev#federal-mandate

About the Author

Emanuel DE ALMEIDA

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...

Related Tutorials

Learn more about this topic with our step-by-step guides

How to Check if Your PC Has the New Secure Boot 2023 Certificates (Windows UEFI CA 2023)
Intermediate
Cybersecurity

How to Check if Your PC Has the New Secure Boot 2023 Certificates (Windows UEFI CA 2023)

Microsoft's three original Secure Boot certificates (issued in 2011) begin expiring in June 2026. Windows is automatically rolling out the replacement 2023 certificates (Windows UEFI CA 2023, Microsoft UEFI CA 2023, KEK 2K CA 2023) via Windows Update. This guide shows you exactly how to check if your Windows 10 or 11 PC has already received the new certificates — using one PowerShell command.

8 steps
IT administrator configuring USB blocking policies in Microsoft Intune admin center
Intermediate
Cybersecurity

How to Block USB Drives Using Microsoft Intune Attack Surface Reduction Policies

Configure Microsoft Intune Attack Surface Reduction policies to prevent USB drive access on Windows 10/11 devices, protecting against data breaches and malware threats through removable storage restrictions.

10 steps
IT administrator configuring Windows LAPS with Microsoft Intune on multiple monitors
Intermediate
Cybersecurity

How to Set Up Windows LAPS with Microsoft Intune for Enhanced Security

Configure Windows Local Administrator Password Solution (LAPS) with Microsoft Intune to automatically manage and secure local administrator passwords across Windows devices in your organization.

6 steps
All Tutorials

Related Intelligence

Enterprise network switch with security warning in server room
Critical
Vulnerabilities

HPE Patches Five Critical AOS-CX Flaws: RCE, Privilege Escalation and Session Hijacking

Mar 10, 06:30 PM2 min
Corrupted ZIP files with malicious code emerging on computer screen
Medium
Malware

Zombie ZIP: How Malformed Archives Let Malware Slip Past Antivirus and EDR Tools

Mar 10, 09:05 PM5 min
BeatBanker Android Banking Malware 2026: Fake Starlink App Steals Banking Credentials
High
Malware

BeatBanker Android Banking Malware 2026: Fake Starlink App Steals Banking Credentials

Mar 10, 10:27 PM2 min
Cybersecurity threat visualization showing compromised network infrastructure with warning indicators
High
Malware

BlackSanta EDR Killer: Russian Hackers Use HR Departments to Disable Enterprise Security Tools

Mar 10, 11:57 PM2 min