What's Happening?
Ivanti has released updates for its Neurons for ITSM platform to address two medium-severity vulnerabilities. The first vulnerability, CVE-2026-4913, involves improper protection of an alternate path, potentially allowing a remote authenticated attacker to retain access even after account deactivation. The second, CVE-2026-4914, is a stored cross-site scripting (XSS) issue that could be exploited to obtain limited information from other user sessions. Both vulnerabilities have been resolved in version 2025.4 of Neurons for ITSM. Ivanti states that no other products are affected and that the vulnerabilities have not been exploited in the wild.
Why It's Important?
Patching these vulnerabilities is crucial for maintaining the security of Ivanti's IT service management platform, which is widely used in various industries. Unpatched vulnerabilities could lead to unauthorized access and data breaches, posing significant risks to organizations relying on these systems for critical operations. By addressing these issues, Ivanti helps prevent potential exploitation and reinforces trust in its security measures. This action also highlights the importance of regular updates and vigilance in cybersecurity practices to protect sensitive information.
What's Next?
Organizations using Ivanti Neurons for ITSM are advised to update their systems promptly to ensure protection against these vulnerabilities. Ivanti plans to include updated OpenSSH versions in future releases, addressing other potential security concerns. Continuous monitoring and timely updates will be essential for users to safeguard their IT environments. The cybersecurity community may also focus on identifying and mitigating similar vulnerabilities in other platforms to prevent exploitation.