{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/xtraction--2026.1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.6,"id":"CVE-2026-8043"},{"cvss":7.2,"id":"CVE-2026-8051"},{"cvss":4.4,"id":"CVE-2026-7431"},{"cvss":7.8,"id":"CVE-2026-7432"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Xtraction (\u003c= 2026.1)","Endpoint Manager (EPM) (\u003c= 2024 SU5)","Virtual Traffic Manager (vTM) (\u003c= 22.9r3)","Secure Access Client (Windows) (\u003c= 22.8R5)"],"_cs_severities":["medium"],"_cs_tags":["ivanti","vulnerability","patch","cve"],"_cs_type":"advisory","_cs_vendors":["Ivanti"],"content_html":"\u003cp\u003eOn May 12, 2026, Ivanti published security advisories addressing multiple vulnerabilities across several of their products. The advisories cover Ivanti Xtraction (version 2026.1 and prior), Ivanti Endpoint Manager (EPM) (version 2024 SU5 and prior), Ivanti Virtual Traffic Manager (vTM) (version 22.9r3 and prior), and Ivanti Secure Access Client (Windows) (version 22.8R5 and prior). These vulnerabilities could potentially be exploited by attackers to gain unauthorized access, execute arbitrary code, or cause denial-of-service conditions. It is crucial for organizations using these products to review the specific advisories and apply the recommended updates to protect against these risks. The broad range of affected products emphasizes the need for a comprehensive patching strategy across the Ivanti ecosystem.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attack begins with an unauthenticated attacker identifying a vulnerable Ivanti product within the target environment, potentially through scanning or reconnaissance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting a specific endpoint of the vulnerable product, exploiting a vulnerability such as command injection or authentication bypass (CVE-2026-8043, CVE-2026-8051, CVE-2026-7431, CVE-2026-7432).\u003c/li\u003e\n\u003cli\u003eThe vulnerable Ivanti application processes the malicious request without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eDue to the lack of input validation, the attacker injects arbitrary commands or code into the application\u0026rsquo;s execution flow.\u003c/li\u003e\n\u003cli\u003eThe injected code executes with the privileges of the Ivanti application, potentially allowing the attacker to read sensitive data, modify system configurations, or install malicious software.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes a foothold on the compromised system and attempts to escalate privileges to gain greater control.\u003c/li\u003e\n\u003cli\u003eWith elevated privileges, the attacker moves laterally within the network, compromising additional systems and resources.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their final objective, such as data exfiltration, ransomware deployment, or disruption of critical services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could allow attackers to gain unauthorized access to sensitive data, execute arbitrary code, or cause denial-of-service conditions. Depending on the specific vulnerability and the compromised system, the impact could range from minor data breaches to significant disruptions of critical business operations. Organizations using the affected Ivanti products are at risk, and the potential consequences could include financial losses, reputational damage, and regulatory fines. The lack of specific exploitation details in the advisory makes quantifying the potential damage difficult, but the wide deployment of these products suggests a potentially broad impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch Ivanti Xtraction to a version greater than 2026.1, referencing the Ivanti Security Advisory for CVE-2026-8043.\u003c/li\u003e\n\u003cli\u003eUpdate Ivanti Endpoint Manager (EPM) beyond version 2024 SU5, as detailed in the Ivanti Security Advisory for Ivanti Endpoint Manager (EPM) May 2026.\u003c/li\u003e\n\u003cli\u003eUpgrade Ivanti Virtual Traffic Manager (vTM) past version 22.9r3, according to the May 2026 Security Advisory Ivanti Virtual Traffic Manager (vTM) addressing CVE-2026-8051.\u003c/li\u003e\n\u003cli\u003eEnsure Ivanti Secure Access Client (Windows) is updated beyond version 22.8R5 to mitigate CVE-2026-7431 and CVE-2026-7432, as per the May 2026 Security Advisory Ivanti Secure Access Client.\u003c/li\u003e\n\u003cli\u003eDeploy network monitoring rules to detect suspicious traffic to and from Ivanti products, specifically looking for patterns indicative of exploitation attempts targeting CVE-2026-8043, CVE-2026-8051, CVE-2026-7431, and CVE-2026-7432.\u003c/li\u003e\n\u003cli\u003eEnable logging on Ivanti products to capture relevant events for security analysis, focusing on authentication attempts, configuration changes, and process executions.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T15:28:49Z","date_published":"2026-05-12T15:28:49Z","id":"https://feed.craftedsignal.io/briefs/2026-05-ivanti-multiple-vulns/","summary":"Ivanti released security advisories on May 12, 2026, to address vulnerabilities in Xtraction, Endpoint Manager (EPM), Virtual Traffic Manager (vTM), and Secure Access Client (Windows), urging users to apply necessary updates to mitigate potential risks from CVE-2026-8043, CVE-2026-8051, CVE-2026-7431, and CVE-2026-7432.","title":"Ivanti Addresses Multiple Vulnerabilities in Various Products","url":"https://feed.craftedsignal.io/briefs/2026-05-ivanti-multiple-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Xtraction (\u003c= 2026.1)","version":"https://jsonfeed.org/version/1.1"}