Improper Input Validation in Ivanti Endpoint Manager Mobile
CVE-2026-6973

7.2 HIGH

Key Information:

Vendor: Ivanti

CVE Published: 7 May 2026

Badges

📈 Trended | 📈 Score: 2,630 | 👾 Exploit Exists | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2026-6973?

CVE-2026-6973 is a vulnerability in Ivanti Endpoint Manager Mobile (EPMM), a product that provides mobile device management for organizations. The vulnerability arises from improper input validation within the software and affects versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. A remote, authenticated user with administrative privileges can exploit this flaw to achieve remote code execution, potentially allowing attackers to manipulate system functionality or access sensitive data. The vulnerability is all the more significant because Ivanti EPMM is commonly used in enterprise environments to manage and secure mobile devices, which makes its exploitation highly detrimental.

Potential impact of CVE-2026-6973

  1. Remote Code Execution: The primary risk associated with CVE-2026-6973 is the potential for remote code execution. This enables an attacker to execute arbitrary code on the affected system, which can lead to unauthorized control over the mobile management platform and any devices managed through it.

  2. Data Breach Risks: By exploiting the vulnerability, malicious actors could gain access to confidential user data and sensitive organizational information stored within the EPMM platform. This poses risks of data leaks, compliance violations, and damage to reputation.

  3. Compromise of Mobile Security: Given that EPMM is responsible for managing mobile devices, successful exploitation could lead to broader mobile security breaches. Attackers could manipulate device policies, distribute malicious applications, or disable security measures, further endangering the organization's overall security posture.

CISA has reported CVE-2026-6973

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-6973 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Endpoint Manager Mobile 12.6.1.1

Endpoint Manager Mobile 12.7.0.1

News Articles

CISA gives feds four days to patch Ivanti flaw exploited as zero-day

CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks.

3 weeks ago

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973) - IT Security News

Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has been exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,”…

3 weeks ago

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973) - Help Net Security

Ivanti released fixes for high-severity vulnerabilities in its EPMM solution, one of which (CVE-2026-6973) has been exploited as a zero-day.

3 weeks ago

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • 📰 First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved