CVE-2026-4913EXPLOITEDPATCHED

ivanti · n-itsm

CVE-2026-4913: Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker t

Description

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.

Affected Products

Vendor	Product	Versions
ivanti	n-itsm	—

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
ivanti	neurons for itsm	cert_advisory	90%

References

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-4913-CVE-2026-4914?language=en_US

Related News (3 articles)

Tier B

BSI Advisories26d ago

[NEU] [mittel] Ivanti Neurons for ITSM: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen

→ No new info (linked only)

Tier B

CERT-FR26d ago

Multiples vulnérabilités dans Ivanti Neurons (15 avril 2026)

→ No new info (linked only)

Tier C

VulDB27d ago

CVE-2026-4913 | Ivanti Neurons for ITSM up to 2025.3 improper protection of alternate path

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

2025.4

CWECWE-424

PublishedApr 14, 2026

Last enriched26d agov3

Trending Score1

Source articles3

Independent3

Info Completeness9/14

Missing: versions, epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-6973EXPKEV

CVE-2026-6973: An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authentic

Trending: 139

HIGHCVE-2026-7821

CVE-2026-7821: Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthen

Trending: 34

HIGHCVE-2026-5787

CVE-2026-5787: An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unaut

Trending: 31

HIGHCVE-2026-5786

CVE-2026-5786: An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote

Trending: 31

HIGHCVE-2026-5788

CVE-2026-5788: An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticat

Trending: 27

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 14, 2026

Discovered by ZDM

Apr 14, 2026

Updated: affectedVersions

Apr 14, 2026

Actively Exploited

Apr 14, 2026

Exploit Available

Apr 14, 2026

Patch Available

Apr 14, 2026

Updated: severity, cvssEstimate, exploitAvailable, activelyExploited

Apr 15, 2026

Version History

Last enriched 26d ago

v3Tier B26d ago

Updated severity to HIGH, CVSS score to 7.5, and marked exploit as available and actively exploited.

severitycvssEstimateexploitAvailableactivelyExploited

via CERT-FR

v2Tier C27d ago

Added affected version 2025.3 and confirmed no exploit is available.

affectedVersions

via VulDB

v127d ago

Initial creation