CVE-2026-5788

Published May 7, 2026

Last updated 6 days ago

CVSS high 7.0

Overview

Description
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Analyzed
Products
endpoint_manager_mobile

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-284

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.CVE-2026-7821
  2. Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation VulnerabilityCVE-2026-6973
  3. An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.CVE-2026-5787
  4. An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.CVE-2026-5786
  5. Ivanti Endpoint Manager Mobile (EPMM) Code Injection VulnerabilityCVE-2026-1340

References

Sources include official advisories and independent security research.