Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2026-8109

CVE-2026-8109

MEDIUM6.5

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials

Published May 12, 2026

Modified Yesterday

Details

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.

References

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-May-2026?language=en_US

https://www.cve.org/CVERecord?id=CVE-2026-8109

CVSS Analysis

CVSS v3.1

6.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

6.5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedMay 12, 2026

ModifiedMay 12, 2026

CVE-2026-8109 | Mondoo Vulnerability Intelligence