Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

2026-05-07

1 min read

by info@thehackernews.com (The Hacker News)

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Ivanti warns about CVE-2026-6973, a high-severity RCE vulnerability in EPMM that is actively being exploited in limited attacks.

•CVE-2026-6973 (CVSS 7.2) involves improper input validation and allows authenticated admin users to execute remote code in EPMM versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1
•Limited number of customers have been successfully exploited, requiring admin authentication for attacks to succeed
•Vulnerability was added to CISA's Known Exploited Vulnerabilities catalog, requiring FCEB agencies to patch by May 10, 2026
•Four additional CVEs were patched: CVE-2026-5786 (8.8), CVE-2026-5787 (8.9), CVE-2026-5788 (7.0), and CVE-2026-7821 (7.4)
•On-premises EPMM product is affected, while cloud-based Ivanti Neurons for MDM and other Ivanti products remain unaffected

Related Articles