{"id":14547,"date":"2026-05-08T00:28:34","date_gmt":"2026-05-08T00:28:34","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=14547"},"modified":"2026-05-08T00:28:34","modified_gmt":"2026-05-08T00:28:34","slug":"ivanti-epmm-cve-2026-6973-rce-beneath-energetic-exploitation-grants-admin-degree-entry","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=14547","title":{"rendered":"Ivanti EPMM CVE-2026-6973 RCE Beneath Energetic Exploitation Grants Admin-Degree Entry"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Might 07, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Community Safety<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiX-v9Rdn-UppGqdbm0oFYXNg6myRCPn8r-d4BXVN0e2r2hqrYbGPUwOKafMbwKlojjbck4C8Ez6dxZ7WcLF45PNphvCo1K4OGhXl0u9fWanVMbO62iZoWMQJrplTa6VaXfI2rhQL40PoDK0ZNh2jqDJGBc9LylbIE92LWSNEIkVUhSpkGyAfV7g-DVZlU1\/s1600\/ivanti.jpg\" style=\"display: block; padding: 1em 0; text-align: center; clear: left; float: left;\"><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"470\" data-original-width=\"900\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiX-v9Rdn-UppGqdbm0oFYXNg6myRCPn8r-d4BXVN0e2r2hqrYbGPUwOKafMbwKlojjbck4C8Ez6dxZ7WcLF45PNphvCo1K4OGhXl0u9fWanVMbO62iZoWMQJrplTa6VaXfI2rhQL40PoDK0ZNh2jqDJGBc9LylbIE92LWSNEIkVUhSpkGyAfV7g-DVZlU1\/s1600\/ivanti.jpg\"\/><\/a><\/div>\n<p>Ivanti is warning {that a} new safety flaw impacting Endpoint Supervisor Cell (EPMM) has been explored in restricted assaults within the wild.<\/p>\n<p>The high-severity vulnerability, <strong>CVE-2026-6973<\/strong> (CVSS rating: 7.2), is a case of improper enter validation affecting EPMM earlier than variations 12.6.1.1, 12.7.0.1, and 12.8.0.1.<\/p>\n<p>It permits &#8220;a remotely authenticated consumer with administrative entry to attain distant code execution,&#8221; Ivanti <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/hub.ivanti.com\/s\/article\/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US\">mentioned<\/a> in an advisory launched immediately.<\/p>\n<p>&#8220;We&#8217;re conscious of a really restricted variety of clients exploited with CVE-2026-6973. Profitable exploitation requires Admin authentication. If clients adopted Ivanti&#8217;s suggestion in January to rotate credentials for those who had been exploited with <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/thehackernews.com\/2026\/01\/two-ivanti-epmm-zero-day-rce-flaws.html\">CVE-2026-1281 and CVE-2026-1340<\/a>, then your danger of exploitation from CVE-2026-6973 is considerably lowered.&#8221;<\/p>\n<p>It is at the moment not identified who&#8217;s behind the exploitation efforts, if any of these assaults had been profitable, and what the top objectives of the assaults had been.<\/p>\n<p><\/p>\n<p>The event has prompted the U.S. Cybersecurity and Infrastructure Safety Company (CISA) to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/05\/07\/cisa-adds-one-known-exploited-vulnerability-catalog\">add<\/a> the flaw to its Identified Exploited Vulnerabilities (<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">KEV<\/a>) catalog, requiring Federal Civilian Government Department (FCEB) businesses to use the fixes by Might 10, 2026.<\/p>\n<p>Additionally patched by Ivanti in EPMM are 4 different flaws &#8211;<\/p>\n<ul>\n<li><strong>CVE-2026-5786<\/strong> (CVSS rating: 8.8) &#8211; An improper entry management vulnerability that permits a distant authenticated attacker to achieve administrative entry.<\/li>\n<li><strong>CVE-2026-5787<\/strong> (CVSS rating: 8.9) &#8211; An improper certificates validation vulnerability that permits a distant unauthenticated attacker to impersonate registered Sentry hosts and acquire legitimate CA-signed consumer certificates.<\/li>\n<li><strong>CVE-2026-5788<\/strong> (CVSS rating: 7.0) &#8211; An improper entry management vulnerability that permits a distant unauthenticated attacker to invoke arbitrary strategies.<\/li>\n<li><strong>CVE-2026-7821<\/strong> (CVSS rating: 7.4) &#8211; An improper certificates validation vulnerability that permits a distant unauthenticated attacker to enroll a tool belonging to a restricted set of unenrolled units, resulting in info disclosure in regards to the EPMM equipment and impacting the integrity of the newly enrolled gadget id.<\/li>\n<\/ul>\n<p>&#8220;The problems solely have an effect on the on-prem EPMM product, and usually are not current in Ivanti Neurons for MDM, Ivanti&#8217;s cloud-based unified endpoint administration answer, Ivanti EPM (a equally named, however completely different product), Ivanti Sentry, or some other Ivanti merchandise,&#8221; the corporate <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.ivanti.com\/blog\/may-2026-epmm-security-update\">mentioned<\/a>.<\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Might 07, 2026Vulnerability \/ Community Safety Ivanti is warning {that a} new safety flaw impacting Endpoint Supervisor Cell (EPMM) has been explored in restricted assaults within the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS rating: 7.2), is a case of improper enter validation affecting EPMM earlier than variations 12.6.1.1, 12.7.0.1, and 12.8.0.1. It permits &#8220;a [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":14549,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[539,768,8992,8991,5428,2036,5376,855,6788],"class_list":["post-14547","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-access","tag-active","tag-adminlevel","tag-cve20266973","tag-epmm","tag-exploitation","tag-grants","tag-ivanti","tag-rce"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/14547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14547"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/14547\/revisions"}],"predecessor-version":[{"id":14548,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/14547\/revisions\/14548"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/14549"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-05-08 02:11:45 UTC -->