- Description
- An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
- Source
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status
- Analyzed
- Products
- endpoint_manager_mobile
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
- Exploit added on
- May 7, 2026
- Exploit action due
- May 10, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- CWE-20
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2026-23111 2 - CVE-2026-23479 3 - CVE-2026-42271 4 - CVE-2025-7771 5 - CVE-2026-6973 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Jun 2026
97 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
【今日のIvanti】EPMMでインジェクション2件。CVE-2026-6973とCVE-2026-10727。双方CVSSスコア7.2。修正版提供あり。 https://t.co/l37hNbHzHI
@__kokumoto
10 Jun 2026
263 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
8, 2026 — The Device Manager Is Compromised: Ivanti EPMM's Five-CVE Zero-Day Bundle and the January Credential Domino. Published: May 8, 2026 | Category: CVE Deep Dive | Severity: Critical CVEs: CVE-2026-6973 · CVE-2026-5786 · CVE-2026-5787 · CVE-2026-5788 · CVE-2026-7821
@lyrie_ai
7 Jun 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
1, 12.7.0.1, — Ivanti EPMM CVE-2026-6973: Admin-Authenticated RCE Under Active Exploitation. Ivanti EPMM Under Fire Again: CVE-2026-6973 RCE Exploited, Patches Released Today
@lyrie_ai
6 Jun 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🔴 Ivanti EPMM, Improper Input Validation, #CVE-2026-6973 (High) https://t.co/qipwatx3Tu
@dailycve
24 May 2026
53 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
BSI warnt: Ivanti EPMM CVE-2026-6973 aktiv ausgenutzt (Mai 2026). RCE-Schwachstelle ermöglicht Admin-Zugriff. CISA: Patch bis 10. Mai für US-Behörden. Updates ohne Funktionsverlust verfügbar. Sofortige Patch-Installation empfohlen. #CVE #PatchManagement #CyberSecurity https:
@wall_your_x
20 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-6973. CVE-2026-6973 added to CISA KEV: Ivanti Endpoint Manager Mobile (EPMM)
@lyrie_ai
15 May 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVSS 7.2 HIGH · CVE-2026-6973 · 12.6.1.1 → 12.7.0.1 HIGH: CVE-2026-6973 actively exploited — ivanti endpoint manager mobile
@lyrie_ai
14 May 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-6973 2 - CVE-2026-41940 3 - CVE-2026-43284 4 - CVE-2026-33634 5 - CVE-2026-42248 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
12 May 2026
123 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "940E9259-A59E-4424-8B2E-05571C4B78AE",
"versionEndExcluding": "12.6.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79879C08-959D-49BD-947C-914F82B564E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:12.8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB6A5F3-3F82-41BF-B7C6-8F4F0E813B9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]