CVE-2026-8111
Ivanti · Endpoint Manager
A SQL injection vulnerability in the Ivanti Endpoint Manager web console allows remote authenticated attackers to achieve remote code execution.
Executive summary
A critical SQL injection vulnerability in the Ivanti Endpoint Manager web console allows authenticated attackers to gain remote code execution, posing a significant risk to enterprise environments.
Vulnerability
The application fails to properly neutralize special elements used in SQL commands (CWE-89), leading to SQL injection. The vulnerability requires the attacker to be authenticated (PR:L), but once exploited, it allows for remote code execution on the server.
Business impact
The ability to execute arbitrary code via the Endpoint Manager console provides an attacker with complete control over the management platform. With a CVSS score of 8.8, this vulnerability could be used to deploy malware, exfiltrate sensitive endpoint data, or move laterally within the network.
Remediation
Immediate Action: Upgrade Ivanti Endpoint Manager to version 2024 SU6 or later immediately.
Proactive Monitoring: Review web console logs for suspicious SQL syntax or unusual query behavior that may indicate an ongoing exploitation attempt.
Compensating Controls: Use a Web Application Firewall (WAF) with updated rulesets configured to detect and block common SQL injection patterns targeting administrative web consoles.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Ivanti Endpoint Manager is a critical infrastructure component; therefore, any vulnerability allowing remote code execution must be addressed with the highest priority. Administrators should proceed with the update to 2024 SU6 immediately to secure the environment.