This vulnerability (CVE-2026-7432) involves a race condition (CWE-362) in Ivanti Secure Access Client prior to version 22.8R6. A race condition occurs when concurrent execution using shared resources is improperly synchronized, which in this case enables a locally authenticated user to escalate privileges to SYSTEM level. The CVSS 3.1 score of 7.8 reflects high impact on confidentiality, integrity, and availability. The vendor has published the vulnerability but has not yet provided an official fix or remediation level. The product is not a cloud service, so remediation depends on vendor patching the client software.

A locally authenticated user can exploit this race condition to gain SYSTEM privileges, which could lead to full control over the affected system. This elevates the risk of unauthorized actions, including installing malware, accessing sensitive data, or disrupting system operations. The vulnerability affects confidentiality, integrity, and availability at a high level.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation is currently documented, organizations should monitor Ivanti's advisories for updates. Until a patch is available, restrict local user access to trusted personnel only and consider additional local privilege restrictions as a temporary measure.