March 2026 Security Update

Ivanti has released its March 2026 Security Update, addressing vulnerabilities identified within the Ivanti Desktop and Server Management (DSM) solution. This monthly patch cycle underscores the vendor's commitment to proactive vulnerability management and responsible transparency. While the advisory signals the need for urgent updates to protect customer environments, Ivanti explicitly states there is currently no evidence of these vulnerabilities being exploited in the wild. The issues are contained specifically within DSM and do not affect other Ivanti solutions. Security teams are advised to review the detailed Security Advisory for remediation instructions and apply patches immediately to mitigate potential risks. Customers can log support cases via the Ivanti Innovators Hub if assistance is required. Staying updated via the provided RSS feed is recommended to maintain situational awareness regarding future security disclosures and ensure continued protection against potential threat actors seeking to leverage unpatched software vulnerabilities in enterprise management tools.

Ivanti releases standard security patches on the second Tuesday of every month.  Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Desktop and Server Management (DSM). It is important for customers to know: We have no evidence of this vulnerability being exploited in the wild. This vulnerability does not impact any other Ivanti solutions. More information on this vulnerability and detailed instructions on how to remediate the issues can be found in this Security Advisory . Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Ivanti Innovators Hub (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti has released its March 2026 Security Update, addressing vulnerabilities identified within the Ivanti Desktop and Server Management (DSM) solution. This monthly patch cycle underscores the vendor's commitment to proactive vulnerability management and responsible transparency. While the advisory signals the need for urgent updates to protect customer environments, Ivanti explicitly states there is currently no evidence of these vulnerabilities being exploited in the wild. The issues are contained specifically within DSM and do not affect other Ivanti solutions. Security teams are advised to review the detailed Security Advisory for remediation instructions and apply patches immediately to mitigate potential risks. Customers can log support cases via the Ivanti Innovators Hub if assistance is required. Staying updated via the provided RSS feed is recommended to maintain situational awareness regarding future security disclosures and ensure continued protection against potential threat actors seeking to leverage unpatched software vulnerabilities in enterprise management tools. Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Desktop and Server Management (DSM). It is important for customers to know: We have no evidence of this vulnerability being exploited in the wild. This vulnerability does not impact any other Ivanti solutions. More information on this vulnerability and detailed instructions on how to remediate the issues can be found in this Security Advisory . Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Ivanti Innovators Hub (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program. Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Desktop and Server Management (DSM). It is important for customers to know: We have no evidence of this vulnerability being exploited in the wild. This vulnerability does not impact any other Ivanti solutions. More information on this vulnerability and detailed instructions on how to remediate the issues can be found in this Security Advisory . Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Ivanti Innovators Hub (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.