Secure access client

This hub aggregates every CVE we track for Secure access client, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Secure access client.

• CVE-2026-8992An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.8.8May 22, 2026
• CVE-2026-7432A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM7.8May 12, 2026
• CVE-2026-7431An incorrect permission assignment for critical resource of Ivanti Secure Access Client   before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to ...4.4May 12, 2026
• CVE-2025-0320Citrix Secure Access - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges7.8Jun 17, 2025
• CVE-2025-22454Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.7.8Mar 11, 2025
• CVE-2025-1223An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data6.1Feb 20, 2025
• CVE-2025-1222An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data6.1Feb 20, 2025
• CVE-2024-13813Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.7.1Feb 11, 2025
• CVE-2024-37398Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.7.8Nov 13, 2024
• CVE-2024-38654Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.4.4Nov 13, 2024
• CVE-2024-29211A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.4.7Nov 13, 2024
• CVE-2024-7571Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.7.8Nov 12, 2024
• CVE-2024-9843A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.5.0Nov 12, 2024
• CVE-2024-9842Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.7.3Nov 12, 2024
• CVE-2024-8539Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.7.1Nov 12, 2024