Detections
Analytics

Ivanti Virtual Traffic Manager (vTM) < 22.9R4 OS Command Injection (CVE-2026-8051)

high Nessus Plugin ID 315230

Language:

Synopsis

An application running on the remote web server is affected by an OS command injection vulnerability.

Description

The version of Ivanti Virtual Traffic Manager (vTM) running on the remote host is prior to 22.9R4. It is, therefore, affected by an OS command injection vulnerability:

 - OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (CVE-2026-8051)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Ivanti Virtual Traffic Manager (vTM) version 22.9R4 or later.

See Also

http://www.nessus.org/u?40f8f538

Plugin Details

Severity: High

ID: 315230

File Name: ivanti_virtual_traffic_manager_CVE-2026-8051.nasl

Version: 1.2

Type: Remote

Family: CGI abuses

Published: 5/18/2026

Updated: 5/20/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-8051

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:pulsesecure:virtual_traffic_manager, x-cpe:/a:ivanti:virtual_traffic_manager

Required KB Items: installed_sw/Ivanti Virtual Traffic Manager

Exploit Ease: No known exploits are available

Patch Publication Date: 5/12/2026

Vulnerability Publication Date: 5/12/2026

Reference Information

CVE: CVE-2026-8051