Ivanti Endpoint Manager Mobile Vulnerability Exploited in the Wild (CVE-2026-6973)
Ivanti released security updates to address five high-severity vulnerabilities impacting Endpoint Manager Mobile (EPMM). One of these vulnerabilities, tracked as CVE-2026-6973, is said to be exploited in zero-day attacks.
This Improper Input Validation vulnerability in Ivanti EPMM requires Admin authentication for successful exploitation. A remote authenticated user with administrative access may exploit the vulnerability to execute arbitrary code remotely.
Ivanti mentioned in their advisory that they are “aware of a very limited number of customers exploited with CVE-2026-6973.”
CISA also acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urged users to patch the vulnerability before May 10, 2026.
Ivanti Endpoint Manager Mobile (EPMM) is an on-premise Unified Endpoint Management (UEM) platform designed to secure and manage mobile devices, applications, and content. It enables IT administrators to enforce security policies, manage device lifecycles (iOS, Android, Windows, macOS), and protect corporate data on company-owned or BYOD devices.
Here are the other four vulnerabilities that were addressed by Ivanti in the updates yesterday:
CVE-2026-5786
An Improper Access Control vulnerability that may allow a remote authenticated attacker to gain administrative access.
CVE-2026-5787
An Improper Certificate Validation vulnerability that could allow a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
CVE-2026-5788
An Improper Access Control vulnerability that may allow a remote unauthenticated attacker to invoke arbitrary methods.
CVE-2026-7821
An Improper Certificate Validation vulnerability that can allow a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices. Successful exploitation of the vulnerability can lead to information disclosure about the EPMM appliance and impact the integrity of the newly enrolled device’s identity.
Affected Versions
The vulnerabilities affect Ivanti EPMM version 12.8.0.0 and earlier.
Mitigation
Users must upgrade to Ivanti EPMM version 12.6.1.1, 12.7.0.1, or 12.8.0.1 to patch the vulnerabilities.
For more information, please refer to the Ivanti Security Advisory.
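The fixed releases sit on three branches, so a plain "12.8.0.0 or earlier" comparison would wrongly flag a patched 12.6.1.1 or 12.7.0.1 host. The following triage script is an added example, not code from Ivanti or Qualys; it assumes four-part dotted version strings, treats major.minor as the release branch, and runs over a constructed inventory.

```python
import re

# Version data taken from the advisory text above.
# Assumption of this example: major.minor identifies the release branch.
FIXED = {(12, 6): (12, 6, 1, 1), (12, 7): (12, 7, 0, 1), (12, 8): (12, 8, 0, 1)}
LAST_AFFECTED = (12, 8, 0, 0)  # "version 12.8.0.0 and earlier"


def parse_version(text):
    """Return a 4-tuple of ints from 'a.b.c.d', or None if it does not parse."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Classify one reported EPMM version against the advisory's version data."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # never treat unparseable data as patched
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        # Compare within the host's own branch, not against 12.8.0.0.
        return "patched" if v >= fixed else "vulnerable"
    if v <= LAST_AFFECTED:
        # Older branch with no fixed release named on this page.
        return "vulnerable-no-branch-fix"
    return "not-listed-as-affected"


def triage(inventory):
    """Return (host -> status, sorted list of hosts that need follow-up)."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    ok = ("patched", "not-listed-as-affected")
    return results, sorted(h for h, s in results.items() if s not in ok)


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = {
    "epmm-a.example.internal": "12.6.1.1",
    "epmm-b.example.internal": "12.7.0.0",
    "epmm-c.example.internal": "12.8.0.1",
    "epmm-d.example.internal": "12.5.0.2",
    "epmm-e.example.internal": "not reported",
}

if __name__ == "__main__":
    statuses, follow_up = triage(SAMPLE)
    for host in sorted(statuses):
        print(f"{host:28} {SAMPLE[host]:14} {statuses[host]}")
    print("needs follow-up:", ", ".join(follow_up))
```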
Qualys Detection
Qualys customers can scan their devices with QID 734188 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
