US Government Gives Federal Agencies 4 Days to Patch Ivanti Zero-Day Vulnerability


U.S. Federal Agencies Face Four-Day Deadline to Patch Critical Flaw in Ivanti Endpoint Manager Mobile

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to federal agencies regarding a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM). Tracked as CVE-2026-6973, the flaw allows remote code execution on systems running EPMM 12.8.0.0 and earlier. Exploitation requires administrative privileges.

What You Need to Know:

  • Ivanti has released patches for EPMM 12.6.1.1, 12.7.0.1, and 12.8.0.1, advising customers to install these updates to mitigate the issue.
  • The vulnerability has been exploited in zero-day attacks; the company says it was aware of limited exploitation at the time of disclosure.
  • The flaw affects only on-premises EPMM installations. Ivanti Neurons for MDM, Ivanti EPM, Ivanti Sentry, and other Ivanti products are not affected.
  • Non-profit security organization Shadowserver has identified over 800 Ivanti EPMM appliances exposed online, raising concerns about potential exploitation.

Ivanti advises customers to review accounts with administrative rights and rotate those credentials as necessary to further minimize the risk of exploitation.

Action Required:

  • U.S. Federal Agencies are mandated to patch their EPMM systems by midnight on Sunday, May 10.
  • Clients who rotated their credentials following previous patching efforts may be at reduced risk of exploitation from the current CVE-2026-6973 vulnerability.
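
For teams tracking more than one EPMM server, the following added example (not Ivanti or CISA code) classifies an inventory against the fixed builds named above. The `hostname,version` row format, the hostnames, and the treatment of builds newer than the 12.8 branch as patched are assumptions.

```python
# Fixed builds named in the article, keyed by (major, minor) release branch.
FIXED = {(12, 6): (12, 6, 1, 1), (12, 7): (12, 7, 0, 1), (12, 8): (12, 8, 0, 1)}
LAST_AFFECTED = (12, 8, 0, 0)  # "EPMM 12.8.0.0 and earlier"


def parse_version(text):
    """Turn '12.7.0.1' into (12, 7, 0, 1); return None for malformed input."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(version_text):
    """Classify one EPMM version string against the fixed builds above."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        if v >= fixed:
            return "patched"
        return "vulnerable: install " + ".".join(map(str, fixed))
    if v <= LAST_AFFECTED:
        # Older branch: the article names no fixed build for it.
        return "vulnerable: move to a fixed branch"
    # Assumption: builds newer than the 12.8 branch already carry the fix.
    return "patched"


def triage_inventory(lines):
    """Map 'hostname,version' rows to {hostname: status}, skipping comments."""
    result = {}
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, _, version = line.partition(",")
        result[host.strip()] = triage(version)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = ["# host,version", "epmm-dmz-01,12.8.0.0", "epmm-dmz-02,12.7.0.1",
          "epmm-lab-01,12.5.0.2", "epmm-lab-02,12.6.1.0", "epmm-old,12.8"]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:12} {status}")
```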

Ivanti provides IT asset management solutions to over 40,000 clients worldwide, supported by an extensive network of over 7,000 partners.



