CVE-2026-7431 PUBLISHED

Assigner: ivanti
Reserved: 29.04.2026 Published: 12.05.2026 Updated: 12.05.2026

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS Score: 4.4

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	ivanti
Product	Secure Access Client
Versions	Default: affected Version 22.8R6 is unaffected

References

https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Secure-Access-Client-CVE-2026-7431-CVE-2026-7432?language=en_US

Problem Types

CWE-732: Incorrect Permission Assignment for Critical Resource CWE

Impacts

CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs