CVE-2026-8992 PUBLISHED

Assigner: ivanti
Reserved: 19.05.2026 Published: 22.05.2026 Updated: 22.05.2026

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Score: 8.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	Required	Availability Impact	High

CVSS 3.1

Product Status

Vendor	ivanti
Product	Secure Access Client
Versions	Default: affected Version 22.8R6 is unaffected

References

https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Secure-Access-Client-CVE-2026-7431-CVE-2026-7432?language=en_US

Problem Types

CWE-295 Improper certificate validation CWE

Impacts

CAPEC-186 Malicious Software Update