CVE-2026-8110
Published May 12, 2026
·Updated
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.
Affected Software
10 affected components
Ivanti Ivanti Endpoint Manager Agent<2024 SU6
Ivanti Endpoint Manager<=2022
Ivanti Endpoint Manager=2024
Ivanti Endpoint Manager=2024-su1
Ivanti Endpoint Manager=2024-su2
Ivanti Endpoint Manager=2024-su3
Ivanti Endpoint Manager=2024-su3_security_release_1
Ivanti Endpoint Manager=2024-su4
Ivanti Endpoint Manager=2024-su4_security_release_1
Ivanti Endpoint Manager=2024-su5
Event History
May 12, 2026
CVE Published
via MITRE·02:31 PM
Data Sourced
via MITRE·02:31 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·03:16 PM
DescriptionSeverityWeaknessAffected Software
Oct 31, 58347
Event
via FIRST·08:56 AM
Frequently Asked Questions
1
What is the severity of CVE-2026-8110?
CVE-2026-8110 has been classified with a critical severity rating due to its potential for privilege escalation.
2
How do I fix CVE-2026-8110?
To remediate CVE-2026-8110, upgrade Ivanti Endpoint Manager to version 2024 SU6 or later.
3
Who is affected by CVE-2026-8110?
Local authenticated users with access to Ivanti Endpoint Manager Agent prior to version 2024 SU6 are affected by CVE-2026-8110.
4
What impact does CVE-2026-8110 have on systems?
CVE-2026-8110 allows local authenticated attackers to escalate their privileges, potentially compromising system integrity.
5
When was CVE-2026-8110 reported?
CVE-2026-8110 was reported in May 2026 as part of a security advisory for Ivanti Endpoint Manager.