CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs May 22, 2026

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access - The Hacker News

The Hacker News Archived May 22, 2026 ✓ Full text saved

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access The Hacker News

Full text archived locally
✦ AI Summary · Claude Sonnet


    Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access Ravie LakshmananMay 07, 2026Vulnerability / Network Security Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows "a remotely authenticated user with administrative access to achieve remote code execution," Ivanti said in an advisory released today. "We are aware of a very limited number of customers exploited with CVE-2026-6973. Successful exploitation requires Admin authentication. If customers followed Ivanti's recommendation in January to rotate credentials if you were exploited with CVE-2026-1281 and CVE-2026-1340, then your risk of exploitation from CVE-2026-6973 is significantly reduced." It's currently not known who is behind the exploitation efforts, if any of those attacks were successful, and what the end goals of the attacks were. The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by May 10, 2026. Also patched by Ivanti in EPMM are four other flaws - CVE-2026-5786 (CVSS score: 8.8) - An improper access control vulnerability that allows a remote authenticated attacker to gain administrative access. CVE-2026-5787 (CVSS score: 8.9) - An improper certificate validation vulnerability that allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates. CVE-2026-5788 (CVSS score: 7.0) - An improper access control vulnerability that allows a remote unauthenticated attacker to invoke arbitrary methods. CVE-2026-7821 (CVSS score: 7.4) - An improper certificate validation vulnerability that allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about the EPMM appliance and impacting the integrity of the newly enrolled device identity. "The issues only affect the on-prem EPMM product, and are not present in Ivanti Neurons for MDM, Ivanti's cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products," the company said. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  CISA, cybersecurity, data security, network security, remote code execution, Threat Intelligence, Vulnerability ⚡ Top Stories This Week [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI and More Packages Load More ▼ ⭐ Featured Resources [Guide] Stop Email Fraud Before It Turns Into Ransomware Damage [Webinar] Learn How to Handle Critical SOC Alerts With AI Support [eBook] Get the 3-Number SOC Diagnostic to Reduce Queue Risk Identify Internal Attack Surfaces More Efficiently With a Free Assessment
    💬 Team Notes
    Article Info
    Source
    The Hacker News
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    May 22, 2026
    Archived
    May 22, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗