Improper Certificate Validation in Ivanti Secure Access Client
CVE-2026-8992

8.8HIGH

Key Information:

Vendor: Ivanti
Status: Secure Access Client
Vendor: CVE Published:; 22 May 2026

What is CVE-2026-8992?

An improper certificate validation vulnerability exists in the Ivanti Secure Access Client prior to version 22.8R6, enabling a remote unauthenticated attacker to potentially execute arbitrary code. This flaw may allow for the exploitation of insecure connections, posing various security threats to users of the affected products.

Affected Version(s)

Secure Access Client Windows 22.8R6

References

https://hub.ivanti.com/s/article/May-2026-Security-Adviso...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
Vulnerability Reserved
May 19, 2026

CVE-2026-8992 Data

JSON