Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been exploited in limited attacks in the wild.
The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1.
It allows “a remotely authenticated user with administrative access to achieve remote code execution,” Ivanti said in an advisory released today.
“We’re aware of a very limited number of customers exploited with CVE-2026-6973. Successful exploitation requires Admin authentication. If customers followed Ivanti’s recommendation in January to rotate credentials for those who had been exploited with CVE-2026-1281 and CVE-2026-1340, then your risk of exploitation from CVE-2026-6973 is significantly reduced.”
It is currently not known who is behind the exploitation efforts, whether any of these attacks were successful, and what the end goals of the attacks were.
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by May 10, 2026.
Also patched by Ivanti in EPMM are four other flaws –
- CVE-2026-5786 (CVSS score: 8.8) – An improper access control vulnerability that allows a remote authenticated attacker to gain administrative access.
- CVE-2026-5787 (CVSS score: 8.9) – An improper certificate validation vulnerability that allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
- CVE-2026-5788 (CVSS score: 7.0) – An improper access control vulnerability that allows a remote unauthenticated attacker to invoke arbitrary methods.
- CVE-2026-7821 (CVSS score: 7.4) – An improper certificate validation vulnerability that allows a remote unauthenticated attacker to enroll a device belonging to a limited set of unenrolled devices, leading to information disclosure about the EPMM appliance and impacting the integrity of the newly enrolled device identity.
“The issues only affect the on-prem EPMM product, and are not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products,” the company said.






