CVE-2026-8051

OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2026-8051?language=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ivanti:virtual_traffic_manager::::::::
	cpe:2.3:a:ivanti:virtual_traffic_manager:22.9:r1::::::
	cpe:2.3:a:ivanti:virtual_traffic_manager:22.9:r2::::::
	cpe:2.3:a:ivanti:virtual_traffic_manager:22.9:r3::::::

History

15 May 2026, 13:58

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ivanti:virtual_traffic_manager:22.9:r3:::::: cpe:2.3:a:ivanti:virtual_traffic_manager:22.9:r2:::::: cpe:2.3:a:ivanti:virtual_traffic_manager:22.9:r1:::::: cpe:2.3:a:ivanti:virtual_traffic_manager::::::::
First Time		Ivanti Ivanti virtual Traffic Manager
References	~~() https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2026-8051?language=en_US -~~	() https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2026-8051?language=en_US - Vendor Advisory

12 May 2026, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-12 15:16

Updated : 2026-05-15 13:58

NVD link : CVE-2026-8051

Mitre link : CVE-2026-8051

CVE.ORG link : CVE-2026-8051

JSON object : View

Products Affected

ivanti

virtual_traffic_manager

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

7.2 /10