OS Command Injection Vulnerability in Ivanti Virtual Traffic Manager
CVE-2026-8051

7.2HIGH

Key Information:

Vendor: Ivanti
Status: Virtual Traffic Manager
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-8051?

The Ivanti Virtual Traffic Manager prior to version 22.9r4 is susceptible to an OS command injection vulnerability. This security flaw may allow a remote authenticated attacker with administrative privileges to execute arbitrary code on the server, potentially leading to unauthorized access and significant system compromise. Organizations using affected versions should prioritize applying the necessary updates to mitigate this risk.

Affected Version(s)

Virtual Traffic Manager 22.9r4

References

https://hub.ivanti.com/s/article/May-2026-Security-Adviso...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 6, 2026

CVE-2026-8051 Data

JSON