Ivanti Neurons for ITSM Privilege Escalation Vulnerability Advisory (CVE-2026-9614)

Vulnerability Overview Vulnerability ID: CVE-2026-9614 Description: A critical vulnerability in Ivanti Neurons for ITSM allows authenticated attackers to gain administrative privileges. CVSS Score: 8.8 (High) CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CWE: CWE-284 Affected Products Affected Versions: - Ivanti Neurons for ITSM (On-Premises): 2025.4 and earlier - Ivanti Neurons for ITSM (Cloud): 2026.1 and earlier Remediation On-Premises Deployment: Update to the fixed version of Ivanti ITSM, available in the Downloads section of the ILS (login required). SaaS Deployment: The issue has been resolved via service updates; no action is required from customers. FAQ Is there active exploitation: No cases of customer exploitation have been detected so far. How to detect if exploited: Customers are advised to audit role configurations to ensure permissions are restricted to expected administrative roles. Do Cloud customers need to take action: No, Ivanti has applied fixes to all cloud environments. What if I need help: Log in and submit a request to the Ivanti Innovators Hub. Why an out-of-band fix was released: Due to the simplicity of the exploitation, Ivanti prioritized the development of a fix and released it as soon as the vulnerability was identified. Why were two emergency patches released in the last week of May: Ivanti released two emergency patches in the last week of May due to security issues disclosed in 2026.1 Patch 9 and 2026.2 Patch 1. Subsequently, Ivanti also fixed an issue causing IP addresses to not be logged correctly, which only affected the cloud version of the product. Additional Information Article Number: 000107021 Article Promotion Level: Normal Footer Copyright: © 2019-2026 Ivanti. All rights reserved. Terms and Conditions: Terms & Conditions Privacy Policy: Privacy Policy Navigation Home: Home Contact Support: Contact Support Forum Groups: Forum Groups More: More Search: Ask Ivanti a Question Log In: Log In Advertising Cookie Notice: This website uses cookies to optimize website performance, content, and overall experience. Accept All Summary Ivanti Neurons for ITSM contains a critical vulnerability (CVE-2026-9614) that allows authenticated attackers to obtain administrative privileges. Affected versions include On-Premises releases 2025.4 and earlier, and Cloud releases 2026.1 and earlier. Remediation involves updating to the fixed version or relying on service updates. Currently, no exploitation against customers has been observed. Customers are advised to audit role configurations to ensure permissions are appropriately restricted.

Goal Reached Thanks to every supporter — we hit 100%!

Ivanti Neurons for ITSM Privilege Escalation Vulnerability Advisory (CVE-2026-9614)