Primary

Context

Ivanti Secure Access Client Improper Certificate Validation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Patched

A vulnerability allowing improper certificate validation has been identified in Ivanti Secure Access Client for Windows, in versions prior to 22.8R6. This vulnerability enables a remote, unauthenticated attacker to execute arbitrary code on the affected system.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Remediation

Users are advised to update to Ivanti Secure Access Client version 22.8R6. This version is compatible with Ivanti Connect Secure 25.1.1.0, 22.8R2.3, 22.7R2.12, Ivanti Policy Secure 22.7R1.12, and Ivanti Neurons for ZTNA 22.8R1.10.

Added: May 26, 2026, 3:58 PM

Updated: May 26, 2026, 3:58 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

4.2

remediation

7.7

relevance

9.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

4.2

remediation

7.7

relevance

9.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ivanti Secure Access Client Improper Certificate Validation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

Ivanti Secure Access Client

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating