
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

The Hacker News, archived May 09, 2026



Ravie Lakshmanan | May 07, 2026 | Vulnerability / Network Security

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been exploited in limited attacks in the wild.

The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1.

It allows "a remotely authenticated user with administrative access to achieve remote code execution," Ivanti said in an advisory released today.

"We are aware of a very limited number of customers exploited with CVE-2026-6973. Successful exploitation requires Admin authentication. If customers followed Ivanti's recommendation in January to rotate credentials if you were exploited with CVE-2026-1281 and CVE-2026-1340, then your risk of exploitation from CVE-2026-6973 is significantly reduced."

It's currently not known who is behind the exploitation efforts, if any of those attacks were successful, and what the end goals of the attacks were.

The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by May 10, 2026.

Also patched by Ivanti in EPMM are four other flaws:

- CVE-2026-5786 (CVSS score: 8.8) - An improper access control vulnerability that allows a remote authenticated attacker to gain administrative access.
- CVE-2026-5787 (CVSS score: 8.9) - An improper certificate validation vulnerability that allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
- CVE-2026-5788 (CVSS score: 7.0) - An improper access control vulnerability that allows a remote unauthenticated attacker to invoke arbitrary methods.
- CVE-2026-7821 (CVSS score: 7.4) - An improper certificate validation vulnerability that allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about the EPMM appliance and impacting the integrity of the newly enrolled device identity.

"The issues only affect the on-prem EPMM product, and are not present in Ivanti Neurons for MDM, Ivanti's cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products," the company said.
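The affected-version statement for CVE-2026-6973 ("before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1") is a per-branch comparison, which the sketch below applies to an appliance inventory. This is an added example, not code from the article or from Ivanti's advisory; the hostnames and version strings are constructed, and treating branches newer than 12.8 as carrying the fix is an assumption to confirm against the advisory.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(12, 6): (12, 6, 1, 1), (12, 7): (12, 7, 0, 1), (12, 8): (12, 8, 0, 1)}

def parse_version(text):
    """Return the leading dotted version as a 4-tuple, or None if unparseable."""
    tokens = text.split()
    token = tokens[0] if tokens else ""
    if not re.fullmatch(r"\d+(?:\.\d+){1,3}", token):
        return None
    parts = tuple(int(p) for p in token.split("."))
    return parts + (0,) * (4 - len(parts))  # "12.8" is read as 12.8.0.0

def triage(version_text):
    """Classify one EPMM version string against the fixed releases."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        return "patched" if v >= fixed else "vulnerable"
    # Branch not named in the article: anything older than 12.6 predates
    # every fixed release; anything newer than 12.8 is ASSUMED fixed.
    return "vulnerable" if v[:2] < min(FIXED) else "patched-assumed"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "epmm-core-01.example.internal": "12.6.1.0",
    "epmm-core-02.example.internal": "12.7.0.1",
    "epmm-lab.example.internal": "12.5.0.2 Build 7",
    "epmm-dr.example.internal": "12.8",
    "epmm-old.example.internal": "n/a",
}

def needs_action(inventory):
    """Hosts not confirmed patched, sorted by name, with their triage result."""
    results = ((host, triage(ver)) for host, ver in inventory.items())
    return sorted((h, r) for h, r in results if r != "patched")

if __name__ == "__main__":
    for host, result in needs_action(INVENTORY):
        print(f"{host}: {result}")
```

Hosts reported as "unknown" or "patched-assumed" still need a manual check of the installed build before they are closed out.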
Article Info
Source: The Hacker News
Category: Industry News & Leadership
Published: May 09, 2026
Archived: May 09, 2026