CVE-2026-4913 | THREATINT

Description

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.

PUBLISHED Reserved 2026-03-26 | Published 2026-04-14 | Updated 2026-04-14 | Assigner ivanti

MEDIUM: 5.7CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Problem types

CWE-424: Improper Protection of Alternate Path

Product status

Default status

affected

2025.4

unaffected

Default status

affected

2025.4

unaffected

References

hub.ivanti.com/...CVE-2026-4913-CVE-2026-4914?language=en_US

cve.org (CVE-2026-4913)

nvd.nist.gov (CVE-2026-4913)

Download JSON

help @ threatint.eu