Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Ivanti Cloud Services Appliance Path Traversal Vulnerability

Vulnerability

Exploited

Patched

A path traversal vulnerability has been identified in Ivanti Cloud Services Appliance (CSA) versions 4.6 prior to Patch 519. This vulnerability allows remote, unauthenticated attackers to access restricted functionality. The issue was inadvertently addressed in Patch 519, released on September 10, 2024. However, since Ivanti CSA 4.6 has reached end-of-life and will not receive further updates, users are advised to upgrade to Ivanti CSA 5.0.

Impact

Exploitation of this vulnerability could lead to unauthorized access to restricted functionality within the Ivanti Cloud Services Appliance.

Remediation

Users are strongly advised to upgrade to Ivanti Cloud Services Appliance 5.0. For those on Ivanti CSA 4.6 Patch 518, Patch 519 is available. However, as version 4.6 has reached end-of-life, the recommended path is to upgrade to version 5.0.

Added: May 15, 2026, 11:03 AM

Updated: May 15, 2026, 11:03 AM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

8.7

remediation

8.3

relevance

0.0

threat

9.9

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

8.7

remediation

8.3

relevance

0.0

threat

9.9

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Ivanti Cloud Services Appliance Path Traversal Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Ivanti Cloud Services Appliance

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating