CVE-2026-8051: OS Command Injection
Published May 12, 2026
·Updated
OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Affected Software
5 affected components
Ivanti Virtual Traffic Manager<22.9r4
Ivanti Virtual Traffic Manager<=22.8
Ivanti Virtual Traffic Manager=22.9-r1
Ivanti Virtual Traffic Manager=22.9-r2
Ivanti Virtual Traffic Manager=22.9-r3
Event History
May 12, 2026
CVE Published
via MITRE·02:24 PM
Data Sourced
via MITRE·02:24 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·03:16 PM
DescriptionSeverityWeaknessAffected Software
Oct 31, 58347
Event
via FIRST·08:41 AM
Frequently Asked Questions
1
What is the severity of CVE-2026-8051?
CVE-2026-8051 has a high severity rating as it allows remote code execution for authenticated admin users.
2
How do I fix CVE-2026-8051?
To fix CVE-2026-8051, upgrade Ivanti Virtual Traffic Manager to version 22.9r4 or later.
3
Who is affected by CVE-2026-8051?
CVE-2026-8051 affects users of Ivanti Virtual Traffic Manager versions prior to 22.9r4.
4
What is the impact of CVE-2026-8051?
The impact of CVE-2026-8051 includes the potential for attackers to execute arbitrary commands on the affected systems.
5
Is authentication required to exploit CVE-2026-8051?
Yes, CVE-2026-8051 requires an attacker to be an authenticated admin user to exploit the vulnerability.