CVE-2026-7432 PUBLISHED

Assigner: ivanti
Reserved: 29.04.2026 Published: 12.05.2026 Updated: 13.05.2026

A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.8

CVSS 3.1

Vendor	ivanti
Product	Secure Access Client
Versions	Default: affected Version 22.8R6 is unaffected

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE