CVE-2026-1603 (CVSS 9.1, EPSS 97.56th percentile) is an authentication bypass in Ivanti Endpoint Manager allowing unauthenticated remote attackers to extract stored credential data, confirmed under active exploitation with a CISA KEV remediation deadline of March 23, 2026. Credential theft from EPM directly enables lateral movement using any service or privileged account credentials the platform manages. Organizations should patch immediately, assume stored credentials may already be compromised, and rotate all credentials managed by affected EPM instances starting with privileged and service accounts.