Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Ivanti Cloud Services Appliance OS Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in the admin web console of Ivanti Cloud Services Appliance (CSA) versions prior to 5.0.2. This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access or manipulation of system resources.

Impact

Exploitation of this vulnerability allows for unauthorized OS command execution, with the potential for remote code execution on the affected system.

Remediation

Users are advised to upgrade to Ivanti Cloud Services Appliance version 5.0.2. Instructions for downloading this version are available in the Ivanti Cloud Services Application 5.0.2 Download Release Notes Patch History.

Added: May 15, 2026, 11:03 AM
Updated: May 15, 2026, 11:03 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 7.5
exploitability: 6.7
remediation: 7.7
relevance: 0.0
threat: 9.7
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.