Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
Summary
Ivanti has released updates for five new vulnerabilities discovered in its Endpoint Manager Mobile (EPMM) suite, with one already added to CISA's Known Exploited Vulnerabilities Catalog due to active exploitation. Experts emphasize the need for immediate patching and careful credential management, especially given the potential for administrative access exploits.
IFF Assessment
The article reports on actively exploited vulnerabilities in a widely used endpoint management solution, posing a direct threat to organizations and their data.
Severity
The CVSS score is estimated based on the description of remote code execution for an authenticated administrative user, which is a severe impact. The attack vector is network-based, and exploitability is high given active exploitation.
CISA KEV: Listed as actively exploited. Federal patch due: February 01, 2026. Known ransomware use: Unknown.
Defender Context
Defenders must prioritize patching Ivanti EPMM, particularly CVE-2026-6973, and follow CISA's directive to rotate credentials after patching. This incident highlights the ongoing risk posed by legacy systems and the importance of proactive vulnerability management.