
Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been exploited in limited attacks in the wild.
The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1.
It allows “a remotely authenticated user with administrative access to achieve remote code execution,” Ivanti said in an advisory released today.
“We’re aware of a very limited number of customers exploited with CVE-2026-6973. Successful exploitation requires Admin authentication. If customers followed Ivanti’s recommendation in January to rotate credentials for those who have been exploited with CVE-2026-1281 and CVE-2026-1340, then your risk of exploitation from CVE-2026-6973 is significantly reduced.”
It is currently not known who is behind the exploitation efforts, if any of these attacks have been successful, and what the end goals of the attacks were.
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by May 10, 2026.
Also patched by Ivanti in EPMM are four other flaws –
- CVE-2026-5786 (CVSS score: 8.8) – An improper access control vulnerability that allows a remote authenticated attacker to gain administrative access.
- CVE-2026-5787 (CVSS score: 8.9) – An improper certificate validation vulnerability that allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
- CVE-2026-5788 (CVSS score: 7.0) – An improper access control vulnerability that allows a remote unauthenticated attacker to invoke arbitrary methods.
- CVE-2026-7821 (CVSS score: 7.4) – An improper certificate validation vulnerability that allows a remote unauthenticated attacker to enroll a device belonging to a limited set of unenrolled devices, resulting in information disclosure about the EPMM appliance and impacting the integrity of the newly enrolled device identity.
“The issues only affect the on-prem EPMM product, and are not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products,” the company said.
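For teams triaging an on-prem fleet against the three fixed builds named above, the following added example (not code from Ivanti or from the advisory) compares each appliance's version to the fixed build for its own release branch, since a single "lowest fixed version" comparison would wrongly clear a build such as 12.7.0.0. The hostnames, the inventory, and the rule that older branches count as unpatched while newer branches count as patched are assumptions.

```python
# Added example: fixed builds are taken from the advisory text above; the
# branch-matching rule and the inventory below are assumptions/constructed.
FIXED_BUILDS = [(12, 6, 1, 1), (12, 7, 0, 1), (12, 8, 0, 1)]


def parse_version(text):
    """Turn '12.7.0.0' into (12, 7, 0, 0); pad short versions with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > 4:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_patched(version_text):
    """True if the build is at or above the fixed build for its release branch."""
    version = parse_version(version_text)
    branch = version[:2]
    for fixed in FIXED_BUILDS:
        if fixed[:2] == branch:
            return version >= fixed
    # Assumption: a branch newer than every listed one already carries the fix;
    # an older branch has no fixed build listed and must be upgraded.
    return branch > max(f[:2] for f in FIXED_BUILDS)


def triage(inventory):
    """Return the hosts whose reported EPMM version is not patched."""
    return sorted(host for host, ver in inventory.items() if not is_patched(ver))


# Constructed inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "epmm-a.example.internal": "12.6.1.1",
    "epmm-b.example.internal": "12.7.0.0",
    "epmm-c.example.internal": "12.5.0.2",
    "epmm-d.example.internal": "12.8.0.1",
    "epmm-e.example.internal": "12.6.1.0",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} needs the update")
```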

