Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been exploited in limited attacks in the wild.
The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1.
It allows “a remotely authenticated user with administrative access to achieve remote code execution,” Ivanti said in an advisory released today.
“We’re aware of a very limited number of customers exploited with CVE-2026-6973. Successful exploitation requires Admin authentication. If customers followed Ivanti’s recommendation in January to rotate credentials for those who have been exploited with CVE-2026-1281 and CVE-2026-1340, then your risk of exploitation from CVE-2026-6973 is significantly reduced.”
It is currently not known who is behind the exploitation efforts, if any of these attacks were successful, and what the end goals of the attacks were.
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by May 10, 2026.
Also patched by Ivanti in EPMM are four other flaws:
- CVE-2026-5786 (CVSS score: 8.8) – An improper access control vulnerability that allows a remote authenticated attacker to gain administrative access.
- CVE-2026-5787 (CVSS score: 8.9) – An improper certificate validation vulnerability that allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
- CVE-2026-5788 (CVSS score: 7.0) – An improper access control vulnerability that allows a remote unauthenticated attacker to invoke arbitrary methods.
- CVE-2026-7821 (CVSS score: 7.4) – An improper certificate validation vulnerability that allows a remote unauthenticated attacker to enroll a device belonging to a limited set of unenrolled devices, leading to information disclosure about the EPMM appliance and impacting the integrity of the newly enrolled device identity.
“The issues only affect the on-prem EPMM product, and are not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products,” the company said.



