CVE-2026-7432: Race Condition
Published May 12, 2026
·Updated
A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM
Affected Software
9 affected components
Ivanti Secure Access Client<22.8R6
All of the following
Any of the following
Ivanti Secure Access Client<=22.7
Ivanti Secure Access Client=22.8
Ivanti Secure Access Client=22.8-r1
Ivanti Secure Access Client=22.8-r2
Ivanti Secure Access Client=22.8-r3
Ivanti Secure Access Client=22.8-r4
Ivanti Secure Access Client=22.8-r5
Microsoft Windows
Event History
May 12, 2026
CVE Published
via MITRE·02:21 PM
Data Sourced
via MITRE·02:21 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·03:16 PM
DescriptionSeverityWeaknessAffected Software
Oct 31, 58347
Event
via FIRST·02:30 PM
Frequently Asked Questions
1
What is the severity of CVE-2026-7432?
CVE-2026-7432 is classified as a high severity vulnerability due to its potential for privilege escalation.
2
How do I fix CVE-2026-7432?
To fix CVE-2026-7432, update the Ivanti Secure Access Client to version 22.8R6 or later.
3
Who is affected by CVE-2026-7432?
CVE-2026-7432 affects all versions of Ivanti Secure Access Client prior to version 22.8R6.
4
What does CVE-2026-7432 allow an attacker to do?
CVE-2026-7432 allows a locally authenticated user to escalate their privileges to SYSTEM.
5
Is there a mitigation for CVE-2026-7432?
The primary mitigation for CVE-2026-7432 is to apply the recommended software update without delay.