{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4913", "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "state": "PUBLISHED", "assignerShortName": "ivanti", "dateReserved": "2026-03-26T16:37:44.109Z", "datePublished": "2026-04-14T14:10:30.529Z", "dateUpdated": "2026-04-14T15:07:48.368Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "shortName": "ivanti", "dateUpdated": "2026-04-14T14:10:37.405Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-424", "description": "CWE-424: Improper Protection of Alternate Path", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "affected": [{"vendor": "Ivanti", "product": "Neurons for ITSM (On-Premise)", "versions": [{"status": "unaffected", "version": "2025.4"}], "defaultStatus": "affected"}, {"vendor": "Ivanti", "product": "Neurons for ITSM (Cloud)", "versions": [{"status": "unaffected", "version": "2025.4"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper protection of an alternate path\u00a0in\u00a0Ivanti\u00a0N-ITSM\u00a0before\u00a0version 2025.4\u00a0allows a\u00a0remote authenticated\u00a0attacker to\u00a0retain access when their account has been\u00a0disabled.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.  "}]}], "references": [{"url": "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-4913-CVE-2026-4914?language=en_US"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T15:07:39.450225Z", "id": "CVE-2026-4913", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:07:48.368Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4913", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T15:07:39.450225Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:07:43.500Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ivanti", "product": "Neurons for ITSM (On-Premise)", "versions": [{"status": "unaffected", "version": "2025.4"}], "defaultStatus": "affected"}, {"vendor": "Ivanti", "product": "Neurons for ITSM (Cloud)", "versions": [{"status": "unaffected", "version": "2025.4"}], "defaultStatus": "affected"}], "references": [{"url": "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-4913-CVE-2026-4914?language=en_US"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Improper protection of an alternate path\u00a0in\u00a0Ivanti\u00a0N-ITSM\u00a0before\u00a0version 2025.4\u00a0allows a\u00a0remote authenticated\u00a0attacker to\u00a0retain access when their account has been\u00a0disabled.", "supportingMedia": [{"type": "text/html", "value": "Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.  ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-424", "description": "CWE-424: Improper Protection of Alternate Path"}]}], "providerMetadata": {"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "shortName": "ivanti", "dateUpdated": "2026-04-14T14:10:37.405Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4913", "state": "PUBLISHED", "dateUpdated": "2026-04-14T15:07:48.368Z", "dateReserved": "2026-03-26T16:37:44.109Z", "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "datePublished": "2026-04-14T14:10:30.529Z", "assignerShortName": "ivanti"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper protection of an alternate path\u00a0in\u00a0Ivanti\u00a0N-ITSM\u00a0before\u00a0version 2025.4\u00a0allows a\u00a0remote authenticated\u00a0attacker to\u00a0retain access when their account has been\u00a0disabled."}], "id": "CVE-2026-4913", "lastModified": "2026-04-17T15:11:03.923", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary"}]}, "published": "2026-04-14T15:16:39.587", "references": [{"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "url": "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-4913-CVE-2026-4914?language=en_US"}], "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-424"}], "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2025.4"}}], "enrichment": {"confidence": 87.0, "confidence_source": "matching", "scores": [{"score": 87.0, "source": "matching"}]}, "original": {"product": "Neurons for ITSM (Cloud)", "source": "cna", "vendor": "Ivanti"}, "product": "neurons_for_itsm", "vendor": "ivanti"}], "analysis": {"en": {"generated_at": "2026-04-14T16:24:20.575915+00:00", "value": {"mitigation_remediation": ["Upgrade to Ivanti Neurons for ITSM version 2025.4 or later.", "Verify that disabled accounts can no longer access the alternate path after updating.", "Monitor user sessions to detect any active sessions for accounts that have been disabled."], "summary": {"action": "Patch", "impact": "Continued access via disabled account"}, "threat_synthesis": {"affected_systems": "All versions of Ivanti Neurons for ITSM released before 2025.4 are impacted. The vulnerability applies to both the Cloud and On\u2011Premise editions and is not tied to a particular operating system or hardware configuration.", "description_and_impact": "Ivanti Neurons for ITSM, both Cloud and On\u2011Premise, contains an improperly protected alternate path that allows a remote authenticated user to continue interacting with the system after their account has been disabled. This flaw can let an attacker maintain session activity beyond the intended account deactivation point, potentially giving them ongoing, unauthorized access. The weakness aligns with CWE\u2011424, representing a logical error where an entity\u2019s intended user access controls are overridden or bypassed.", "risk_and_exploitability": "The CVSS score of 5.7 reflects a moderate impact, indicating that continued access could lead to unauthorized actions but does not guarantee full privilege escalation. EPSS data is not available, so precise exploit probability cannot be assessed. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation requires the attacker to be a legitimate user of the system; once authenticated, they can exploit the alternate path to retain access after the account has been disabled. The attack vector is remote, network\u2011based, and authenticated. The available information does not disclose whether attackers have already exploited this flaw in production environments."}}}}, "created": "2026-04-14T16:15:28.081355+00:00", "title": "Authenticated Bypass of Account Disabling in Ivanti Neurons for ITSM", "updated": "2026-04-14T16:30:25.664798+00:00", "vendors": ["ivanti", "ivanti$PRODUCT$neurons_for_itsm"]}