What's Happening?
Ivanti has released updates for its Neurons for ITSM platform to address two medium-severity vulnerabilities. The first vulnerability, CVE-2026-4913, involves improper protection of an alternate path, potentially allowing a remote authenticated attacker to retain access even if their account is disabled. The second, CVE-2026-4914, is a stored cross-site scripting (XSS) issue that could be exploited to obtain limited information from other user sessions. Both vulnerabilities require authentication and user interaction for exploitation. Ivanti has resolved these issues in version 2025.4 of Neurons for ITSM and advises users to update their systems promptly. The company has confirmed that no other Ivanti products are affected and there is no evidence of these vulnerabilities being exploited in the wild.
Why It's Important?
Patching these vulnerabilities is crucial for maintaining the security of Ivanti's Neurons for ITSM platform, which is widely used in IT service management. By addressing these flaws, Ivanti helps prevent potential unauthorized access and data breaches, which could have significant implications for organizations relying on its software. This action underscores the importance of regular updates and vigilance in cybersecurity practices, especially as cyber threats continue to evolve. Organizations using Ivanti's solutions can benefit from enhanced security and reduced risk of exploitation, thereby protecting sensitive data and maintaining operational continuity.






