Ivanti Neurons ITSM Vulnerabilities Could Allow Session Persistence


The Cyber Express, Apr 15, 2026

Why It Matters

The flaws threaten persistent unauthorized access to critical ITSM workflows, potentially compromising service continuity and sensitive operational data. Prompt patching is essential to safeguard enterprise service desks and maintain compliance with security standards.

Key Takeaways

  • CVE-2026-4913 enables session persistence after account deactivation
  • CVE-2026-4914 is a stored XSS exposing session data
  • Affected Ivanti Neurons ITSM versions ≤2025.3; patch in 2025.4
  • Cloud users auto‑patched Dec 12 2025; on‑premises must update manually
  • No evidence of active exploitation as of April 14 2026

Pulse Analysis

Ivanti’s Neurons platform powers the service desks of thousands of midsize and enterprise organizations, making its security posture a bellwether for the broader ITSM market. As digital workflows become increasingly automated, attackers target the gap between authentication decisions and session management: a change to an account’s status is only as effective as the system’s handling of sessions that were issued before the change. The newly disclosed CVE‑2026‑4913 and CVE‑2026‑4914 illustrate how even medium‑scored vulnerabilities can create footholds for persistent threats, especially in environments where privileged accounts manage incident response and change control.

The technical nuance of CVE‑2026‑4913 lies in an alternate‑path weakness in session termination: deactivating an account does not invalidate the sessions that account already holds, so a session established before deactivation can keep interacting with the system after the account has supposedly been disabled. CVE‑2026‑4914 is a stored cross‑site scripting flaw that lets an attacker plant script which executes in other users’ browsers with those users’ session context, potentially leaking session data, configuration details or internal ticket content. Both issues require an authenticated foothold, but once that is achieved they can undermine the integrity of service management processes, erode trust in ticketing data, and expose organizations to downstream attacks on connected tools.
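To make the session‑persistence pattern concrete, here is an added, self‑contained illustration of the generic flaw class described above. It is not Ivanti’s code and makes no claim about how Neurons ITSM stores or validates sessions; the in‑memory store, the account flag and the two deactivation paths are hypothetical. The weak path flips the account’s active flag but leaves previously issued session tokens usable, while the hardened path revokes the account’s sessions and additionally re‑checks the account flag on every request.

```python
"""Session lifecycle demo: a store whose deactivation path leaves live sessions
valid, beside one that revokes them and re-checks account status per request.
Illustrative only; not Ivanti's code, and the data model is hypothetical."""
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    active: bool = True


@dataclass
class SessionStore:
    # Hypothetical in-memory tables: username -> Account, token -> username.
    accounts: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)

    def add_account(self, username):
        self.accounts[username] = Account(username)

    def login(self, username):
        """Issue a random session token for an active account, else None."""
        acct = self.accounts.get(username)
        if acct is None or not acct.active:
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def deactivate_weak(self, username):
        # Flips the account flag only. Sessions issued earlier stay valid,
        # which is the persistence-after-deactivation pattern.
        self.accounts[username].active = False

    def deactivate_hardened(self, username):
        # Flip the flag AND revoke every session bound to the account.
        self.accounts[username].active = False
        for tok in [t for t, u in self.sessions.items() if u == username]:
            del self.sessions[tok]

    def authorize_weak(self, token):
        # Trusts the session table alone; never consults account status.
        return self.sessions.get(token)

    def authorize_hardened(self, token):
        # Defense in depth: even if revocation was missed somewhere, the
        # account flag is re-checked on every request.
        username = self.sessions.get(token)
        if username is None or not self.accounts[username].active:
            return None
        return username


def demo():
    """Deactivate via the weak path, then try both authorization checks.
    Returns (weak_result, hardened_result)."""
    store = SessionStore()
    store.add_account("alice")
    token = store.login("alice")
    store.deactivate_weak("alice")
    weak = store.authorize_weak(token)          # still "alice": session persists
    hardened = store.authorize_hardened(token)  # None: flag is re-checked
    return weak, hardened


if __name__ == "__main__":
    print(demo())
```

The point of the per‑request re‑check is that revocation on deactivation can be missed by an alternate code path (bulk imports, directory sync, an admin API), so the account‑status check should not depend on the revocation having happened.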

Ivanti’s release of version 2025.4, with automatic remediation for cloud deployments and a manual upgrade path for on‑premises installations, aligns with industry best practices for coordinated fixes. Security teams should verify patch adoption (on‑premises instances should be running 2025.4 or later), review session handling policies so that account deactivation invalidates existing sessions, and monitor for anomalous activity that could indicate exploitation attempts, such as requests attributed to accounts that have already been deactivated. As the ITSM ecosystem continues to integrate AI‑driven analytics and third‑party plugins, maintaining a hardened session lifecycle will be critical to preventing similar persistence vectors in future releases.
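One way to act on the monitoring advice above, as an added example that is not part of the original article and not an Ivanti tool: correlate an account‑lifecycle audit log with an application request log and flag any request attributed to a user while that user was deactivated. The log format (pipe‑separated ISO timestamp, event or user, detail) and the sample lines are constructed for this example; adapt the parser to the real export format. The example also handles reactivation, so legitimate activity after an account is re‑enabled is not flagged.

```python
"""Flag authenticated requests attributed to an account while it was
deactivated. Added detection sketch with constructed sample logs; the log
format is hypothetical and not Ivanti's."""
from datetime import datetime

# Constructed sample audit log: timestamp|event|user
AUDIT_LOG = """\
2026-03-02T09:15:00Z|user_deactivated|jdoe
2026-03-02T09:40:00Z|user_deactivated|msmith
2026-03-02T11:00:00Z|user_reactivated|msmith
"""

# Constructed sample request log: timestamp|user|request
REQUEST_LOG = """\
2026-03-02T09:10:00Z|jdoe|GET /tickets/4711
2026-03-02T09:30:00Z|jdoe|PUT /tickets/4711
2026-03-02T10:05:00Z|msmith|GET /changes/88
2026-03-02T11:20:00Z|msmith|GET /changes/88
2026-03-02T12:00:00Z|alee|GET /tickets/4712
"""


def parse_ts(s):
    # fromisoformat does not accept a trailing "Z" on older Pythons.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def build_state_timeline(audit_text):
    """Return user -> sorted list of (timestamp, is_active) transitions."""
    timeline = {}
    for line in audit_text.splitlines():
        if not line.strip():
            continue
        ts, event, user = line.split("|")
        if event not in ("user_deactivated", "user_reactivated"):
            continue
        timeline.setdefault(user, []).append(
            (parse_ts(ts), event == "user_reactivated"))
    for events in timeline.values():
        events.sort()
    return timeline


def active_at(events, ts):
    """State of the account at time ts, assuming active before any event."""
    state = True
    for ev_ts, is_active in events:
        if ev_ts <= ts:
            state = is_active
        else:
            break
    return state


def find_post_deactivation_requests(audit_text, request_text):
    """Return (user, timestamp, request) for requests made while deactivated."""
    timeline = build_state_timeline(audit_text)
    hits = []
    for line in request_text.splitlines():
        if not line.strip():
            continue
        ts, user, request = line.split("|")
        if user in timeline and not active_at(timeline[user], parse_ts(ts)):
            hits.append((user, ts, request))
    return hits


if __name__ == "__main__":
    for hit in find_post_deactivation_requests(AUDIT_LOG, REQUEST_LOG):
        print("ALERT session used after deactivation:", hit)
```

Any hit is a strong signal on a patched system and a direct indicator of the persistence pattern on an unpatched one; pair it with a check that the affected session tokens have since been revoked.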
