CVE-2026-9614

Summary

An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative access.

Affected Software

VendorProductVersion RangeStatus
IvantiNeurons for ITSM (On-Premises)2025.4 Patch 1unaffected
IvantiNeurons for ITSM (On-Premises)2025.3 Patch 1unaffected
IvantiNeurons for ITSM (On-Premises)2025.2 Patch 1unaffected
IvantiNeurons for ITSM (Cloud)2026.1 Patch 9unaffected
IvantiNeurons for ITSM (Cloud)2026.2 Patch 1unaffected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References