CVE-2026-4914 Ivanti — Exploit & Vulnerability Details MEDIUM

CVE-2026-4914

MEDIUM CVSS 3.1: 5.4 EPSS 0.09%

Parameter	Value
CVSS	5.4 (MEDIUM)
Affected Versions	before 2025.4
Type	CWE-79 (Cross-Site Scripting (XSS))
Vendor	Ivanti
Public PoC	No

Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 1

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-…

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4913

Ivanti

5.7

CVE-2026-3483

Ivanti

7.8

CVE-2026-1603

Ivanti

8.6

CVE-2026-1602

Ivanti

6.5

CVE-2026-1340

Ivanti

9.8

Menu

CVE-2026-4914

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-4913

CVE-2026-3483

CVE-2026-1603

CVE-2026-1602

CVE-2026-1340

CVE Details

Editor's Choice

Menu

CVE-2026-4914

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-4913

CVE-2026-3483

CVE-2026-1603

CVE-2026-1602

CVE-2026-1340

CVE Details

Editor's Choice

Stay informed on cybersecurity