CVE-2026-6973KEVEXPLOITEDPATCHED

ivanti · endpoint_manager_mobile

CVE-2026-6973: An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authentic

Description

CVE-2026-6973 is caused by improper input validation and allows remote attackers with administrative privileges to execute arbitrary code on vulnerable instances.

Affected Products

Vendor	Product	Versions
ivanti	endpoint_manager_mobile	12.8.0.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
ivanti	endpoint manager mobile	cert_advisory	90%

References

https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US

Related News (12 articles)

Tier B

CERT-FR20h ago

Bulletin d'actualité CERTFR-2026-ACT-021 (11 mai 2026)

→ No new info (linked only)

Tier D

CSO Online2d ago

Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile

→ No new info (linked only)

Tier D

BleepingComputer3d ago

CISA gives feds four days to patch Ivanti flaw exploited as zero-day

→ No new info (linked only)

Tier B

BSI Advisories3d ago

[NEU] [hoch] Ivanti Endpoint Manager Mobile: Mehrere Schwachstellen

→ No new info (linked only)

Tier D

Help Net Security3d ago

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)

→ No new info (linked only)

Tier D

Heise Security3d ago

Ivanti EPMM: Update stopft bereits angegriffene Sicherheitslücken

→ No new info (linked only)

Tier D

SecurityWeek3d ago

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

→ No new info (linked only)

Tier D

The Hacker News4d ago

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

→ No new info (linked only)

Tier C

VulDB4d ago

CVE-2026-6973 | Ivanti Endpoint Manager Mobile 12.6.1.1/12.7.0.1/12.8.0.1 input validation

→ No new info (linked only)

Tier B

CCCS Canada4d ago

Ivanti security advisory (AV26-435)

→ No new info (linked only)

Tier D

BleepingComputer4d ago

Ivanti warns of new EPMM flaw exploited in zero-day attacks

→ No new info (linked only)

Tier B

CERT-FR4d ago

Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (07 mai 2026)

→ No new info (linked only)

CVSS 3.17.0 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

12.6.1.112.7.0.112.8.0.1

CWECWE-20, CWE-352

PublishedMay 7, 2026

Last enriched2d agov8

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-7821

CVE-2026-7821: Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthen

Trending: 34

HIGHCVE-2026-5787

CVE-2026-5787: An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unaut

Trending: 31

HIGHCVE-2026-5786

CVE-2026-5786: An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote

Trending: 31

HIGHCVE-2026-5788

CVE-2026-5788: An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticat

Trending: 28

HIGHCVE-2026-4913EXP

CVE-2026-4913: Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker t

Trending: 1

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 7, 2026

Added to CISA KEV

May 7, 2026

Discovered by ZDM

May 7, 2026

Updated: affectedVersions, cweIds

May 7, 2026

Updated: exploitAvailable, activelyExploited

May 7, 2026

Actively Exploited

May 8, 2026

Exploit Available

May 8, 2026

Patch Available

May 8, 2026

Updated: cweIds, iocs, tags

May 8, 2026

Updated: description

May 8, 2026

Updated: description

May 8, 2026

Updated: affectedVersions, tags

May 8, 2026

Updated: cvssEstimate

May 8, 2026

Version History

Last enriched 2d ago

v8Tier D2d ago

Updated CVSS score to 7.0 and noted that patch availability is now unspecified.

cvssEstimate

via CSO Online

v7Tier D3d ago

Added affected version 12.8.0.0 and included new tags related to CISA's mandate.

affectedVersionstags

via BleepingComputer

v6Tier D3d ago

Updated description to include details about remote code execution and administrative privileges required for exploitation.

description

via Help Net Security

v5Tier D3d ago

Updated description to include details about the vulnerability being actively exploited and confirmed the severity remains HIGH.

description

via Heise Security

v4Tier D3d ago

Updated description with details on targeted attacks and added new CWE and tags related to zero-day exploitation.

cweIdsiocstags

via SecurityWeek

v3Tier B4d ago

Updated exploit availability to true, marked as actively exploited, and set patch available to null.

exploitAvailableactivelyExploited

via CERT-FR

v2Tier B4d ago

Updated affected versions, changed severity to CRITICAL, marked as actively exploited, and added new CWE IDs.

affectedVersionscweIds

via CERT-FR

v14d ago

Initial creation