Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
Medium

Sensitive Log Data Exposure in Ivanti Secure Access Client

IdentifiersCVE-2026-7431CWE-732· Incorrect Permission Assignment…

CVE-2026-7431 is an incorrect permission assignment vulnerability in Ivanti Secure Access Client for Windows before version 22.8R6. The flaw affects a critical resource implemented as a shared memory section used for log handling. Due to overly permissive access controls on that shared memory section, a local authenticated user can access the resource with write capability and thereby read or alter sensitive log data.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a local authenticated attacker to access sensitive log information and tamper with log contents. This can expose potentially sensitive operational or diagnostic data and undermine log integrity, which may hinder auditing, incident response, and forensic analysis. Available reporting characterizes the issue as Medium severity with a CVSS score of 4.4.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, limit local access to affected systems to trusted users only, reduce the number of authenticated local accounts, and monitor for unexpected access to or tampering with client log data. Because the issue is rooted in incorrect permissions on a shared memory section, there is no specific complete mitigation in the provided content short of applying the vendor fix.

Remediation

Patch, then assume compromise.

Upgrade Ivanti Secure Access Client for Windows to version 22.8R6 or later. Ivanti identified 22.8R6 as the resolved version for affected 22.8R5 and earlier releases.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
IvantiSecure Access Clientapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app
cyber security newsNews
May 12, 2026
Ivanti Patches Multiple Vulnerabilities in Secure Access, Xtraction, vTM and Endpoint Manager

A sensitive log data exposure vulnerability in Ivanti Secure Access Client caused by incorrect permission assignment on a shared memory section.

Read more
ca ccsNews
May 12, 2026
Ivanti security advisory (AV26-450) - Canadian Centre for Cyber Security

A vulnerability in Ivanti Secure Access Client for Windows affecting version 22.8R5 and prior, addressed by an Ivanti security advisory.

Read more
forums ivantiNews
May 12, 2026
May 2026 Security Advisory Ivanti Secure Access Client (CVE-2026-7431, CVE-2026-7432)

An incorrect permission assignment vulnerability in Ivanti Secure Access Client that allows a local authenticated user to read or modify sensitive log data.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity1

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-7431
NVD
nvd.nist.gov/vuln/detail/CVE-2026-7431
MITRE CWE · CWE-732
Incorrect Permission Assignment for Critical…
Vendor Advisory
hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Secure-Access-Client-CVE-2026-7431-CVE-2026-7432?language=en_US