CVE-2026-8111

Daily digests

An authenticated user on the Ivanti Endpoint Manager web console can exploit a SQL injection to achieve full remote code execution on the EPM server. You need valid credentials, but any console user will do. Given Ivanti's track record of these bugs being targeted quickly after disclosure, don't sit on this one.

• Patch Tuesday · May 13, 2026

  Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more