CVE-2026-1603: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability

CISA has added CVE-2026-1603 to its Known Exploited Vulnerabilities catalog. Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data. Affected Product: Endpoint Manager (EPM) by Ivanti. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due Date: 2026-03-23. This vulnerability poses a significant risk as it is being actively exploited by threat actors. Organizations using affected products should prioritize patching immediately to prevent potential compromise.