Ivanti Vulnerabilities Exploited via Single IP Address
First seen 16 Feb 2026, 19:09 UTC
•
•77% similarity
•29.9
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Two vulnerabilities in Ivanti Endpoint Manager Mobile (CVE-2026-21962 and CVE-2026-24061) have been flagged as actively exploited in zero-day attacks. A single IP address is responsible for over 83% of exploitation activity related to these vulnerabilities, as reported by GreyNoise. Ivanti has released hotfixes to address these issues.
ThreatCluster AI
Timeline
2026-01-20
CVE-2026-21962 published
2026-01-21
CVE-2026-24061 published
2026-01-21
First public PoC for CVE-2026-24061
2026-01-22
First public PoC for CVE-2026-21962
2026-01-26
CVE-2026-24061 added to CISA KEV (active exploitation)
2026-02-16
Ivanti announces hotfixes for the vulnerabilities