CVE-2026-6973: Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Summary
A critical vulnerability, CVE-2026-6973, has been identified in Ivanti Endpoint Manager Mobile (EPMM). This improper input validation flaw allows authenticated administrators to execute remote code on affected systems. CISA mandates federal agencies to apply mitigations or discontinue product use by May 10, 2026.
IFF Assessment
The vulnerability allows for remote code execution, posing a significant threat to defenders by enabling attackers to compromise systems.
Severity
The vulnerability allows for remote code execution by an authenticated user with administrative privileges, indicating a high attack vector and significant impact on confidentiality, integrity, and availability.
CISA KEV: Listed as actively exploited. Federal patch due: May 10, 2026. Known ransomware use: Unknown.
Defender Context
This vulnerability in Ivanti Endpoint Manager Mobile (EPMM) requires immediate attention for organizations using the product, particularly federal agencies. Defenders should prioritize applying vendor-provided mitigations or consider discontinuing use if patches are unavailable to prevent potential remote code execution and subsequent compromise.