Ivanti Warns of New EPMM Flaw Exploited in Zero-Day Attacks
Ivanti said the flaw requires authenticated admin access and released fixes for five vulnerabilities, while CISA added the zero-day to its catalog within hours.
- On Thursday, Ivanti released patches for five vulnerabilities in Endpoint Manager Mobile, including one zero-day actively exploited in the wild.
- Unlike previous unauthenticated code-injection flaws, this zero-day requires authenticated administrative access to exploit, making customers who rotated credentials following January's CVE-2026-1281 and CVE-2026-1340 attacks significantly less vulnerable.
- Internet security watchdog Shadowserver currently tracks over 850 IP addresses with EPMM fingerprints exposed online, while the Cybersecurity and Infrastructure Security Agency has flagged 34 Ivanti defects on its known exploited vulnerabilities catalog since late 2021.
- CISA added the zero-day to its known exploited vulnerabilities catalog within hours of Thursday's disclosure, while Ivanti confirmed no evidence that four additional patched defects—CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821—have been exploited.
- Ivanti Chief Security Officer Daniel Spicer stated the company maintains an 'aggressive' communication stance regarding disclosures, noting the firm uses advanced AI and internal detection processes to identify and remediate vulnerabilities quickly.
11 Articles
Ivanti customers confront yet another actively exploited zero-day
Attackers are hitting Ivanti customers yet again — circling back to a common target and consistently susceptible vendor in the network edge space — by exploiting a zero-day vulnerability in one of the company’s most besieged products. Ivanti warned customers that attackers have successfully exploited CVE-2026-6973, an improper input validation defect in Ivanti Endpoint Manager Mobile (EPMM) that allows authenticated users with administrative pr…
Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)
Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has been exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,” the company said in a security advisory published on Thursday. About CVE-2026-6973 CVE-2026-6973 is caused by improper input validation and allows remote attackers with administra…
Ivanti has released security updates for Endpoint Manager Mobile (EPMM). They also close vulnerabilities that are already under attack.
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been exploited in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows "a remotely authenticated user with administrative access to achieve remote code
Coverage Details
Bias Distribution
- 100% of the sources are Center



