1 article
CISA added CVE-2026-1603, an authentication bypass in Ivanti Endpoint Manager, to the Known Exploited Vulnerabilities catalogue on 9 March with a federal agency patch deadline of 23 March. The flaw allows unauthenticated attackers to bypass authentication entirely and steal Domain Administrator password hashes and service account credentials from EPM's credential vault.