Zero Day MonitorZDM

CVE-2026-3483: An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges. — Zero Day Monitor

← Back to list

7.8

CVE-2026-3483PATCHED

ivanti · desktop_\&_server_management

An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.

Description

An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.

Affected Products

Vendor	Product	Versions
ivanti	desktop_\&_server_management	< 2026.1.1

References

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-DSM-CVE-2026-3483?language=en_US(Vendor Advisory)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

2026.1.1

CWECWE-749

PublishedMar 10, 2026

Last enriched7d ago

Trending Score0

Source articles0

Independent0

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (4)

CRITICALCVE-2026-1340EXPKEV

CVE-2026-1340: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

CRITICALCVE-2026-1281EXPKEV

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

HIGHCVE-2026-1603EXPKEV

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

MEDIUMCVE-2026-1602

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 10, 2026

Patch Available

Mar 12, 2026

Discovered by ZDM

Apr 1, 2026