Ivanti N-ITSM Vulnerability Allows Access Retention Despite Account Disabling
CVE-2026-4913

5.7MEDIUM

Key Information:

Vendor: Ivanti
Status: Neurons For Itsm (on-premise); Neurons For Itsm (cloud)
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-4913?

An access control vulnerability in Ivanti N-ITSM prior to version 2025.4 allows remote authenticated attackers to maintain access even after their accounts have been disabled. This flaw can potentially lead to unauthorized actions and data exposure, highlighting the importance of adequate security measures to revoke account access properly.

Affected Version(s)

Neurons for ITSM (Cloud) 2025.4

Neurons for ITSM (On-Premise) 2025.4

References

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-4913 Data

JSON