Improper Access Control in Ivanti Endpoint Manager Mobile
CVE-2026-5786

8.8HIGH

Key Information:

Vendor: Ivanti
Status: Endpoint Manager Mobile
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-5786?

An Improper Access Control vulnerability exists in Ivanti Endpoint Manager Mobile (EPMM) that could allow a remote, authenticated attacker to gain administrative privileges. This flaw affects various versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1, posing a significant risk to organizations utilizing this software. Promptly updating to the most recent versions is essential to mitigate potential exploits.

Affected Version(s)

Endpoint Manager Mobile 12.8.0.1

Endpoint Manager Mobile 12.7.0.1

References

https://hub.ivanti.com/s/article/May-2026-Security-Adviso...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Apr 8, 2026

CVE-2026-5786 Data

JSON