- Description
- An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
- Source
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status
- Analyzed
- Products
- endpoint_manager_mobile
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
- Exploit added on
- May 7, 2026
- Exploit action due
- May 10, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- CWE-20
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "940E9259-A59E-4424-8B2E-05571C4B78AE",
"versionEndExcluding": "12.6.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79879C08-959D-49BD-947C-914F82B564E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:12.8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB6A5F3-3F82-41BF-B7C6-8F4F0E813B9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]