Vulnerability Report

CVE-2026-8992

RCE

Title: CVE-2026-8992

RCE

Proof Of Concept

No public PoC currently indexed for CVE-2026-8992.

CWE Category CWE-295
Published Date May 22, 2026
Modified Date May 22, 2026
Exploit Status Not Found
Score 8.8 CVSS v3.1
Exploit Probability (EPSS)
0.13%

Vulnerability Summary

CVE-2026-8992: An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.

Impacted Vendors

C
citrix 1
I
ivanti 1

Reference Links

https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Secure-Access-Client-CVE-2026-7431-CVE-2026-7432?language=en_US
CVSS v3.1
Source Entity 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Severity HIGH
8.8
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
REQUIRED
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-8992 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction REQUIRED
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.