
Ivanti Releases Security Updates for High‑Severity Vulnerabilities in Endpoint Manager Mobile (EPMM)

Two high‑severity vulnerabilities in Ivanti EPMM could enable authenticated attackers to gain administrative access and execute arbitrary code




Affected platforms

The following platforms are known to be affected:

Threat details

Exploitation of CVE-2026-6973 in the wild

Ivanti has confirmed limited active exploitation of CVE-2026-6973 in the wild. CVE-2026-6973 has been added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog.

The NHS England National CSOC assesses further exploitation as highly likely.


Introduction

Ivanti has released security updates to address two high-severity vulnerabilities in Endpoint Manager Mobile (EPMM). Successful exploitation could allow an authenticated attacker to gain full administrative control of affected EPMM environments, potentially leading to remote code execution and compromise of managed mobile devices.

  • CVE-2026-6973 – "Improper Input Validation" vulnerability – CVSS v3.1 score of 7.2
  • CVE-2026-5786 – "Improper Access Control" vulnerability – CVSS v3.1 score of 8.8

Remediation advice

Affected organisations are strongly encouraged to review Ivanti’s May 2026 Security Advisory – Ivanti Endpoint Manager Mobile (EPMM) Multiple CVEs and apply the relevant updates as soon as practicable.



Last edited: 8 May 2026 3:58 pm