UPDATE: Ivanti Secure Access Client — NCSC.ch adds CVE-2026-8992 (local privilege escalation, CVSS 7.8) to May advisory

UPDATE (originally covered 2026-05-08): NCSC Switzerland updated its Ivanti May 2026 advisory on 29 May 2026, adding CVE-2026-8992, a local privilege escalation in the Ivanti Secure Access Client (NCSC Switzerland Security Hub, 2026-05-29). CVSS 3.1 = 7.8 HIGH. A locally-authenticated attacker on a managed endpoint running the Ivanti SAC client can escalate from a standard Windows user session to local admin. Ivanti patched CVE-2026-8992 in all SAC client versions released on or after 12 May 2026. This is secondary to the actively-exploited CVE-2026-6973 (Ivanti EPMM admin-authenticated RCE, CISA KEV) which remains the highest-severity Ivanti item. Detection: Windows Event IDs 4672 and 4673 (special privilege assignment) correlated with Ivanti SAC process lineage (ivanti-vpn.exe, Ivanti Secure Access Client.exe). Hardening: update SAC client to any release from 12 May 2026 or later via EPMM-managed software inventory.