Apr 14, 2026 • Ivanti Security Advisories
April 2026 Security Update
Executive Summary
Ivanti has released a security update addressing vulnerabilities within Ivanti Neurons for ITSM, affecting both on-premises and cloud environments. The vendor emphasizes a proactive vulnerability management strategy, urging customers to apply patches to mitigate potential risks. While Ivanti states there is currently no evidence of these vulnerabilities being exploited in the wild, the disclosure serves as a critical signal for security teams to prioritize updates. Cloud customers are already protected as fixes were applied automatically in December 2025. On-premises users must manually remediate the issues following the provided Security Advisory. This update underscores the importance of timely patch management to prevent unauthorized access. No specific threat actors or malware campaigns are linked to these vulnerabilities at this time. Organizations should verify their deployment status and ensure compliance with the latest security patches to maintain environment integrity against potential future exploitation attempts by adversaries.
Summary
Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments.
We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates.
To that end, today Ivanti is disclosing vulnerabilities in Ivanti Neurons for ITSM (on-premises and cloud). It is important for customers to know:
We have no evidence of these vulnerabilities being exploited in the wild.
These vulnerabilities do not impact any other Ivanti solutions.
Customers using the cloud version of Ivanti Neurons for ITSM do not need to take any action as the fix was applied on 12 December 2025 to all cloud environments.
More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in this Security Advisory.
Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.