CVE-2026-7432

HIGH EPSS 20.1%
Published May 12, 20261mo ago · Modified Jun 17, 20261w ago
7.0 CVSS 3.1
High
Find Similar
Published May 12, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM

CVSS Details

Base Score
7.0
Exploitability
1.0
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
20.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-362

Affected Products 8

VendorProductVersionRange
ivantisecure_access_client* ≤22.7
ivantisecure_access_client22.8any
ivantisecure_access_client22.8any
ivantisecure_access_client22.8any
ivantisecure_access_client22.8any
ivantisecure_access_client22.8any
ivantisecure_access_client22.8any
microsoftwindows*any

References 1

  • hub.ivanti.com https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Secure-Access-Client-CVE-2026-7431-CVE-2026-7432?language=en_US
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.