CISA Adds One Known Exploited Vulnerability to Catalog
Summary
CISA has added CVE-2026-6973, an improper input validation vulnerability in Ivanti Endpoint Manager Mobile (EPMM), to its Known Exploited Vulnerabilities (KEV) Catalog. The addition is based on evidence of active exploitation, which marks the vulnerability as a significant risk to organizations, particularly within the federal enterprise.
IFF Assessment
The addition of a newly identified and actively exploited vulnerability to CISA's KEV catalog signals an increased threat for defenders, because it confirms a known pathway for malicious actors.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: May 10, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should prioritize patching or mitigating CVE-2026-6973 in Ivanti EPMM, as it is now on CISA's KEV catalog, indicating active exploitation. Organizations, especially those in the federal sector, are urged to follow Binding Operational Directive 22-01 to manage and remediate such high-risk vulnerabilities promptly.