OS Command Injection Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2026-10727

7.2HIGH

Key Information:

Vendor

Ivanti

Vendor
CVE Published:
9 June 2026

What is CVE-2026-10727?

An OS command injection vulnerability exists in Ivanti Endpoint Manager Mobile (EPMM) that allows a remote authenticated attacker to execute arbitrary commands with root privileges. This flaw affects versions prior to 12.9.0.1, along with specific releases 12.8.0.3 and 12.7.0.2, posing significant risks to the integrity and security of affected systems.

Affected Version(s)

Endpoint Manager Mobile 12.9.0.1

Endpoint Manager Mobile 12.9.0.1

Endpoint Manager Mobile 12.8.0.3

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.