DMZ//THREAT INTEL
FEED ACTIVELAST SYNC: 06:03:37ZSOURCES: 14CRITICAL: 15
⚠ ACTIVE ALERTS
SYLVANITE CRITICAL — SYLVANITE is a newly named Dragos-tracked threat group identified as a dedicated… /// @MsftSecIntel CRITICAL — We are tracking TeamPCP (UNC6780) activity following the GitHub internal repository… /// @GossiTheDog CRITICAL — The GitHub / TeamPCP breach is now being monetized on BreachForums. Listing is up — $95k… /// @struppigel CRITICAL — SUPPLY CHAIN ALERT: Laravel-Lang PHP packages backdoored May 22-23 via hijacked GitHub… /// @MalwareHunterTeam CRITICAL — Seeing fresh DebugElevator stealer log batches already appearing for sale on Exploit.in —…
15Critical Threats
8Active CVEs
0IOCs Tracked
0New Advisories
INTEL FEED/CVE TRACKER/CVE-2026-8992
TLP:WHITEVULNERABILITY BRIEF // CVE-2026-8992PUBLISHED: 2026-05-22
CRITICALCVE-2026-8992

Ivanti Secure Access Client Improper Certificate Validation RCE

VENDOR: Ivanti//PRODUCT: Ivanti Secure Access Client
9.1
CRITICAL
CVSS 3.1
PATCH STATUS
PATCH AVAILABLE
EXPLOIT STATUS
NO KNOWN EXPLOIT

VULNERABILITY OVERVIEW

An improper certificate validation vulnerability (CWE-295) in Ivanti Secure Access Client allows a remote unauthenticated attacker to execute arbitrary code. The flaw was disclosed as part of Ivanti's May 2026 Patch Tuesday release. No exploitation in the wild has been confirmed at time of disclosure. Given Ivanti's history as a high-value target for nation-state actors and ransomware operators — with CISA having flagged 33 Ivanti CVEs as actively exploited — this vulnerability warrants urgent patching priority.

CVSS BREAKDOWN

Attack Vector
NETWORK
Attack Complexity
LOW
Privs Required
NONE
User Interaction
NONE
Scope / Impact
UNCHANGED
C:H · I:H · A:H
AFFECTED VERSIONSIvanti Secure Access Client before version 22.8R6

CITATIONS

  • https://nvd.nist.gov/vuln/detail/CVE-2026-8992
  • https://www.ivanti.com/blog/may-2026-security-update
  • https://cybersecuritynews.com/ivanti-patches-multiple-vulnerabilities/
SHARE BRIEF:✕ Post on Xin Share on LinkedIn