Ivanti EPMM Zero-Day Attack Exploits Critical Vulnerability CVE-2026-6973


Critical Vulnerabilities Discovered in Ivanti Endpoint Manager Mobile (EPMM)

In May 2026, Ivanti released patches for five high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, including a previously unknown vulnerability tracked as CVE-2026-6973.

Vulnerability Overview

  • CVE-2026-6973: Unauthorized actors can execute arbitrary code on affected systems.
  • CVE-2026-5786: Authenticated attackers can elevate privileges due to an improper access control flaw.
  • CVE-2026-5787: Attackers can obtain valid CA-signed client certificates without authentication due to a certificate control issue.
  • CVE-2026-5788: Remote, unauthenticated attackers can invoke arbitrary methods due to another improper access control vulnerability.
  • CVE-2026-7821: Unauthenticated attackers can enroll devices and expose sensitive information about the EPMM appliance.

Affected Versions and Mitigation Steps

Ivanti EPMM versions 12.8.0.0 and earlier are affected.

The patched releases address the mentioned vulnerabilities and are available in versions 12.6.1.1, 12.7.0.1, and 12.8.0.1.
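Because the fixes ship on three separate release lines, a plain "older than 12.8.0.1" comparison would flag a patched 12.6.1.1 or 12.7.0.1 install as vulnerable. The following added example (not Ivanti's code, and not from the original article) compares each version against the fix for its own line; it assumes each fixed release covers its own major.minor branch and that versions are reported as four dot-separated numbers, and the host names in the sample inventory are constructed.

```python
# Added example: branch-aware check against the fixed releases in the article.
FIXED_RELEASES = ["12.6.1.1", "12.7.0.1", "12.8.0.1"]  # from the article


def parse(version):
    """Turn '12.7.0.1' into (12, 7, 0, 1); reject malformed strings."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(int(p) for p in parts)


# Assumption: each fixed release patches its own major.minor branch.
FIXED_BY_BRANCH = {parse(v)[:2]: parse(v) for v in FIXED_RELEASES}
NEWEST_FIXED = max(FIXED_BY_BRANCH.values())


def status(version):
    """Return 'patched', 'vulnerable' or 'vulnerable-no-branch-fix'."""
    v = parse(version)
    if v >= NEWEST_FIXED:
        return "patched"  # at or beyond the newest fixed release
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        # Affected (12.8.0.0 or earlier) and the article lists no fix
        # for this branch, so it has to move to a fixed release line.
        return "vulnerable-no-branch-fix"
    return "patched" if v >= fixed else "vulnerable"


def audit(inventory):
    """Map each host in {host: version} to its status."""
    return {host: status(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "epmm-prod-01": "12.8.0.0",
    "epmm-prod-02": "12.6.1.1",
    "epmm-lab-01": "12.7.0.0",
    "epmm-legacy": "12.5.0.2",
}

if __name__ == "__main__":
    for host, result in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {result}")
```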

According to Ivanti, a small number of customers have fallen victim to CVE-2026-6973. Those who had already taken Ivanti’s advice in January to rotate their credentials in response to previous vulnerabilities (CVE-2026-1281 and CVE-2026-1340) are less likely to be compromised by CVE-2026-6973.

To mitigate these issues, Ivanti advises organizations to:

  • Upgrade to a fixed version of EPMM
  • Review accounts with administrative privileges and rotate those credentials
  • Perform a thorough security audit of their Sentinel appliances, as they rely on EPMM for configuration

Notable Victims and Reliable Indicators of Compromise

Some notable victims of CVE-2026-6973 include:

  • The European Commission
  • The Dutch Data Protection Authority (AP)
  • The Council for the Judiciary (Rvdr)
  • Valtori, Finland’s central government ICT service center

Unfortunately, reliable indicators of compromise for CVE-2026-6973 are currently unavailable.

US Cybersecurity and Infrastructure Security Agency Response

The US Cybersecurity and Infrastructure Security Agency has included the vulnerability in its list of known exploited vulnerabilities and directed federal agencies to address it within three days.


