Open Redirect Vulnerability in Ivanti Xtraction Affects Users
CVE-2026-14902

4MEDIUM

Key Information:

Vendor

Ivanti

Status
Vendor
CVE Published:
14 July 2026

What is CVE-2026-14902?

An open redirect vulnerability in Ivanti Xtraction versions prior to 2026.2.1 can be exploited by a remote attacker, enabling them to redirect users to untrusted external URLs without authentication. This risk may facilitate phishing attacks or exposure to malicious websites, compromising user security.

Affected Version(s)

Xtraction 2026.2.1

References

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.