Zero Day MonitorZDM

← Back to list

7.4

CVE-2026-7821PATCHED

ivanti · endpoint_manager_mobile

CVE-2026-7821: Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthen

Description

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.

Affected Products

Vendor	Product	Versions
ivanti	endpoint_manager_mobile	—

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
ivanti	endpoint manager mobile	cert_advisory	90%

References

https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US

Related News (4 articles)

Tier B

BSI Advisories3d ago

[NEU] [hoch] Ivanti Endpoint Manager Mobile: Mehrere Schwachstellen

→ No new info (linked only)

Tier D

SecurityWeek3d ago

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

→ No new info (linked only)

Tier C

VulDB4d ago

CVE-2026-7821 | Ivanti Endpoint Manager Mobile 12.6.1.1/12.7.0.1/12.8.0.1 certificate validation

→ No new info (linked only)

Tier D

BleepingComputer4d ago

Ivanti warns of new EPMM flaw exploited in zero-day attacks

→ No new info (linked only)

CVSS 3.17.4 HIGH

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

12.6.1.112.7.0.112.8.0.1

CWECWE-295

PublishedMay 7, 2026

Last enriched4d ago

Trending Score34

Source articles4

Independent4

Info Completeness8/14

Missing: versions, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-6973EXPKEV

CVE-2026-6973: An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authentic

HIGHCVE-2026-5787

CVE-2026-5787: An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unaut

HIGHCVE-2026-5786

CVE-2026-5786: An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote

HIGHCVE-2026-5788

CVE-2026-5788: An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticat

HIGHCVE-2026-4913EXP

CVE-2026-4913: Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker t

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 7, 2026

Discovered by ZDM

May 7, 2026

Patch Available

May 7, 2026