Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
Summary
Ivanti is alerting users to a critical vulnerability, CVE-2026-6973, in its Endpoint Manager Mobile (EPMM) software. This flaw, an improper input validation issue, has already been actively exploited in limited attacks and grants remote administrative access.
IFF Assessment
The active exploitation of a critical vulnerability that grants administrative access is a direct threat to organizations, making it bad news for defenders.
Severity
The CVSS score of 7.2 indicates a high severity, attributed to the vulnerability allowing remote code execution with administrative privileges by an authenticated user, which is a significant threat.
CISA KEV: Listed as actively exploited. Federal patch due: May 10, 2026. Known ransomware use: Unknown.
Defender Context
Defenders need to prioritize patching Ivanti EPMM to versions 12.6.1.1, 12.7.0.1, or 12.8.0.1 immediately due to active exploitation. The ability to gain remote administrative access via this vulnerability highlights the importance of timely vulnerability management and robust access controls.