Zero Day MonitorZDM

← Back to list

8.8

CVE-2026-9614EXPLOITEDPATCHED

ivanti · neurons for itsm

CVE-2026-9614: An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticate

Description

An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative access.

Affected Products

Vendor	Product	Versions
ivanti	neurons for itsm	2026.1 before 2026.1 patch 9, 2026.2 before 2026.2 patch 1, 2025.2 before 2025.2 Patch 1, 2025.3 before 2025.3 Patch 1, 2025.4 before 2025.4 Patch 1

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
ivanti	neurons for itsm	cert_advisory	90%

References

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-9614

Related News (3 articles)

Tier B

BSI Advisories11d ago

[NEU] [hoch] Ivanti Neurons for ITSM: Schwachstelle ermöglicht Privilegieneskalation

→ No new info (linked only)

Tier B

CERT-FR11d ago

Vulnérabilité dans les produits Ivanti (02 juin 2026)

→ No new info (linked only)

Tier C

VulDB11d ago

CVE-2026-9614 | Ivanti Neurons for ITSM access control

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

2025.4 Patch 12025.3 Patch 12025.2 Patch 12026.1 Patch 92026.2 Patch 1

CWECWE-284

PublishedJun 1, 2026

Last enriched11d agov3

Trending Score13

Source articles3

Independent3

Info Completeness10/14

Missing: epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-10520EXP

CVE-2026-10520: An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote

HIGHCVE-2026-6973EXPKEV

CVE-2026-6973: An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authentic

CRITICALCVE-2026-10523EXP

CVE-2026-10523: An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allow

HIGHCVE-2026-10727EXP

CVE-2026-10727: An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote aut

CRITICALCVE-2026-8043

CVE-2026-8043: External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 1, 2026

Discovered by ZDM

Jun 1, 2026

Updated: severity

Jun 1, 2026

Actively Exploited

Jun 2, 2026

Exploit Available

Jun 2, 2026

Patch Available

Jun 2, 2026

Updated: affectedVersions, exploitAvailable, activelyExploited

Jun 2, 2026

Version History

v3

Last enriched 11d ago

v3Tier B11d ago

Updated affected versions and marked exploit availability and active exploitation status as true.

affectedVersionsexploitAvailableactivelyExploited

via CERT-FR

v2Tier C11d ago

Updated severity from HIGH to CRITICAL and corrected exploit availability to false.

severity

via VulDB

v111d ago

Initial creation