HIGHCVE-2026-8992Published 2026-05-22Modified 2026-05-23CNA ivanti

CVE-2026-8992: An improper certificate validation vulnerability in Ivanti Secure Access Client before 22

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: 22.8R6
Affected Products: 1

Fix available

22.8R6

Affected packages

ivanti / Secure Access Client
Fixed in 22.8R6

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

hub.ivanti.com

Metrics

Fix available