Ivanti Connect Secure RCE: Everything You Need to Know Before You Patch
Patch Intelligence

Journal
Jun 6, 2026

Ivanti has released an emergency patch for CVE-2026-0842, a critical remote code execution vulnerability in Connect Secure VPN. The flaw exists in the SAML authentication component and allows unauthenticated attackers to execute arbitrary code as root.

Affected Versions

All versions of Ivanti Connect Secure prior to 22.7R2.6 are affected. Ivanti Policy Secure versions prior to 22.7R1.3 are also vulnerable. Cloud-managed deployments received automatic patches on June 4th.
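The version cut-offs above can be checked across an appliance inventory with a short script. This is an added example, not code from Ivanti or from this article; the product keys, the hostnames, and the assumed version shape `<major>.<minor>R<release>[.<patch>]` (inferred from the version strings quoted on this page) are assumptions.

```python
import re

# Fixed releases taken from the "Affected Versions" paragraph of this article.
FIXED = {"connect-secure": "22.7R2.6", "policy-secure": "22.7R1.3"}

# Assumed version shape, inferred from the strings on this page:
# <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.6
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, release, patch) as ints; raise ValueError if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(product, version):
    """True when the version is older than the fixed release for that product."""
    return parse_version(version) < parse_version(FIXED[product])


def triage(inventory):
    """Map each hostname to 'affected', 'fixed' or 'unknown' (needs manual review)."""
    result = {}
    for host, product, version in inventory:
        try:
            result[host] = "affected" if is_affected(product, version) else "fixed"
        except (KeyError, ValueError):
            # Unknown product key or unparseable version: never guess, flag it.
            result[host] = "unknown"
    return result


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "connect-secure", "22.7R2.5"),
    ("vpn-edge-02", "connect-secure", "22.7R2.10"),  # plain string compare misorders this
    ("vpn-legacy", "connect-secure", "9.1R18.9"),
    ("nac-01", "policy-secure", "22.7R1.3"),
    ("vpn-lab", "connect-secure", "22.7r2.6-build"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A "fixed" result reflects only the reported version string; it says nothing about whether the appliance was compromised before it was patched.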

HIGH PRIORITY: Ivanti VPN appliances are a top target for nation-state actors. CISA has added this CVE to its Known Exploited Vulnerabilities catalog with a 48-hour remediation deadline for federal agencies.

Patch Guidance

Before applying the patch, perform a factory reset of the appliance to eliminate any potential backdoors. Ivanti has confirmed that threat actors have been deploying web shells on compromised devices. A factory reset followed by patch application is the only recommended remediation path.

Vulnerability Details

CVE ID: CVE-2026-0842

CVSS Score: 9.6 / 10.0 — CRITICAL

Affected Products:

  • Ivanti Connect Secure 22.x
  • Ivanti Connect Secure 9.x
  • Ivanti Policy Secure