CVE-2026-4913 Ivanti — Exploit & Vulnerability Details MEDIUM

CVE-2026-4913

MEDIUM CVSS 3.1: 5.7 EPSS 0.11%

Parameter	Value
CVSS	5.7 (MEDIUM)
Affected Versions	before 2025.4
Type	CWE-424
Vendor	Ivanti
Public PoC	No

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-424

References 1

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-…

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4914

Ivanti

5.4

CVE-2026-3483

Ivanti

7.8

CVE-2026-1603

Ivanti

8.6

CVE-2026-1602

Ivanti

6.5

CVE-2026-1340

Ivanti

9.8

Menu

CVE-2026-4913

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-4914

CVE-2026-3483

CVE-2026-1603

CVE-2026-1602

CVE-2026-1340

CVE Details

Editor's Choice

Menu

CVE-2026-4913

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-4914

CVE-2026-3483

CVE-2026-1603

CVE-2026-1602

CVE-2026-1340

CVE Details

Editor's Choice

Stay informed on cybersecurity