Perms issue in Ivanti Endpoint Manager agent allows local privilege escalation
CVE-2026-8110 Published on May 12, 2026

Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.

NVD

Vulnerability Analysis

CVE-2026-8110 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. When a resource is given a permissions setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data.


Products Associated with CVE-2026-8110

Want to know whenever a new CVE is published for Ivanti Endpoint Manager? stack.watch will email you.

Ivanti Endpoint Manager
 

Affected Versions

ivanti Endpoint Manager Version 2024 SU6 is unaffected by CVE-2026-8110