Ivanti Vulnerabilities Exploited via Single IP Address

Ivanti Vulnerabilities Exploited via Single IP Address

First seen 16 Feb 2026, 19:09 UTC CisoseriesLinkedin 77% similarity 29.9

Article Content

Browse articles
ThreatCluster

Two vulnerabilities in Ivanti Endpoint Manager Mobile (CVE-2026-21962 and CVE-2026-24061) have been flagged as actively exploited in zero-day attacks. A single IP address is responsible for over 83% of exploitation activity related to these vulnerabilities, as reported by GreyNoise. Ivanti has released hotfixes to address these issues.

ThreatCluster AI

Timeline

2026-01-20
CVE-2026-21962 published
2026-01-21
CVE-2026-24061 published
2026-01-21
First public PoC for CVE-2026-24061
2026-01-22
First public PoC for CVE-2026-21962
2026-01-26
CVE-2026-24061 added to CISA KEV (active exploitation)
2026-02-16
Ivanti announces hotfixes for the vulnerabilities

Community

Browse all →