Ivanti is warning {that a} new safety flaw impacting Endpoint Supervisor Cell (EPMM) has been explored in restricted assaults within the wild.
The high-severity vulnerability, CVE-2026-6973 (CVSS rating: 7.2), is a case of improper enter validation affecting EPMM earlier than variations 12.6.1.1, 12.7.0.1, and 12.8.0.1.
It permits “a remotely authenticated consumer with administrative entry to attain distant code execution,” Ivanti stated in an advisory launched as we speak.
“We’re conscious of a really restricted variety of prospects exploited with CVE-2026-6973. Profitable exploitation requires Admin authentication. If prospects adopted Ivanti’s advice in January to rotate credentials when you have been exploited with CVE-2026-1281 and CVE-2026-1340, then your danger of exploitation from CVE-2026-6973 is considerably diminished.”
It is at the moment not recognized who’s behind the exploitation efforts, if any of these assaults have been profitable, and what the top targets of the assaults have been.
The event has prompted the U.S. Cybersecurity and Infrastructure Safety Company (CISA) to add the flaw to its Recognized Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Government Department (FCEB) companies to use the fixes by Could 10, 2026.
Additionally patched by Ivanti in EPMM are 4 different flaws –
- CVE-2026-5786 (CVSS rating: 8.8) – An improper entry management vulnerability that permits a distant authenticated attacker to realize administrative entry.
- CVE-2026-5787 (CVSS rating: 8.9) – An improper certificates validation vulnerability that permits a distant unauthenticated attacker to impersonate registered Sentry hosts and procure legitimate CA-signed consumer certificates.
- CVE-2026-5788 (CVSS rating: 7.0) – An improper entry management vulnerability that permits a distant unauthenticated attacker to invoke arbitrary strategies.
- CVE-2026-7821 (CVSS rating: 7.4) – An improper certificates validation vulnerability that permits a distant unauthenticated attacker to enroll a tool belonging to a restricted set of unenrolled gadgets, resulting in data disclosure in regards to the EPMM equipment and impacting the integrity of the newly enrolled machine id.
“The problems solely have an effect on the on-prem EPMM product, and are usually not current in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint administration answer, Ivanti EPM (a equally named, however totally different product), Ivanti Sentry, or some other Ivanti merchandise,” the corporate stated.
