Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
Summary
Ivanti has released a patch for a high-severity zero-day vulnerability in its Endpoint Manager Mobile (EPMM) product. This vulnerability, identified as CVE-2026-6973, allows an attacker with administrative privileges to execute arbitrary code.
IFF Assessment
A zero-day that allows arbitrary code execution and is already being exploited is bad news for defenders, as it presents an immediate threat that attackers can leverage.
Severity
The vulnerability allows an attacker with administrative privileges to execute arbitrary code, indicating a high impact on confidentiality, integrity, and availability. The fact that it is a zero-day exploited in targeted attacks suggests that its attack vector and exploitability ratings are likely to be high as well.
CISA KEV: Listed as actively exploited. Federal patch due: May 10, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should prioritize patching Ivanti EPMM systems immediately to mitigate the risk of exploitation. This incident highlights the ongoing threat of zero-day vulnerabilities in widely used management software and the importance of timely security updates.