Improper Access Control in Ivanti EPMM Affects Multiple Versions
CVE-2026-5788

7HIGH

Key Information:

Vendor: Ivanti
Status: Endpoint Manager Mobile
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-5788?

Ivanti EPMM suffers from an improper access control vulnerability that allows remote, unauthenticated attackers to invoke arbitrary methods. This flaw exists in versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1. Organizations using affected versions are encouraged to upgrade promptly to maintain security and protect sensitive data.

Affected Version(s)

Endpoint Manager Mobile 12.8.0.1

Endpoint Manager Mobile 12.7.0.1

References

https://hub.ivanti.com/s/article/May-2026-Security-Adviso...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Apr 8, 2026

CVE-2026-5788 Data

JSON