Inadequate Permission Assignment in Ivanti Secure Access Client
CVE-2026-7431

4.4MEDIUM

Key Information:

Vendor: Ivanti
Status: Secure Access Client
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-7431?

The Ivanti Secure Access Client suffers from an inadequate permission assignment for critical resources, allowing local authenticated users to access and potentially modify sensitive log data. This occurs due to improper write access to shared memory sections, posing risks to data integrity and confidentiality. Users are recommended to upgrade to version 22.8R6 or later to mitigate these security concerns.

Affected Version(s)

Secure Access Client Windows 22.8R6

References

https://hub.ivanti.com/s/article/May-2026-Security-Adviso...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 29, 2026

CVE-2026-7431 Data

JSON