A newly disclosed set of ITSM vulnerabilities in Ivanti Neurons has been reported. The flaws could allow attackers to retain access to enterprise systems under certain conditions. The issues, tracked as CVE-2026-4913 and CVE-2026-4914, affect Ivanti’s Neurons for IT Service Management (ITSM) platform. 

Ivanti recently published the security advisory outlining these two vulnerabilities. These flaws could enable remote authenticated attackers to hijack or persist in user sessions, potentially maintaining unauthorized access even after administrative actions such as account deactivation. 

The vulnerabilities affect both on-premises and cloud deployments running version 2025.3 and earlier....