Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Staff Editor 2026-05-22
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

https://thehackernews.com/2026/05/ivanti-epmm-cve-2026-6973-rce-under.html

Publish Date: 2026-05-07 13:55:00

Source Domain: thehackernews.com

Security firm Ivanti has disclosed that a new high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), affecting its Endpoint Manager Mobile (EPMM), is currently being exploited in limited attacks. This flaw is due to improper input validation and could allow a remote authenticated administrator to execute arbitrary code. Ivanti has confirmed that only a very limited number of customers have been exploited, but all successful attacks have required administrative authentication. As a preventative measure, those affected by previous vulnerabilities in January are advised that following credential rotation recommendations significantly reduces the risk. Furthermore, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed this vulnerability in its Known Exploited Vulnerabilities catalog, compelling Federal Civilian Executive Branch (FCEB) agencies to implement the fix by May 10, 2026. Additionally, Ivanti has patched other vulnerabilities alongside CVE-2026-6973 that affect improper access control and certificate validation across its EPMM product.

Key Points:
– CVE-2026-6973 is a high-severity vulnerability in Ivanti Endpoint Manager Mobile allowing remote code execution by authenticated users.
– Federal agencies have ten days to apply the fix as mandated by CISA.
– Limited exploitation has occurred, but the perpetrators and attack goals remain unknown.
– Ivanti has patched four additional vulnerabilities across EPMM concerning improper access control and certificate validation.
– This issue only impacts on-premise EPMM and not any other Ivanti products.

More Stories

Experts say we should use passkeys, but can a smartphone PIN really be safer than a password? | Life and style

Experts say we should use passkeys, but can a smartphone PIN really be safer than a password? | Life and style

Staff Editor 2026-06-07
The Mythos Race: Trump’s New EO and Glasswing’s Expansion

The Mythos Race: Trump’s New EO and Glasswing’s Expansion

Staff Editor 2026-06-07
Intech to Perform OT Cybersecurity Assessment for Middle East Liquid Terminal Operator – News and Statistics

Intech to Perform OT Cybersecurity Assessment for Middle East Liquid Terminal Operator – News and Statistics

Staff Editor 2026-06-07

You may have missed

MY TWO CENTS: AI, write a parody of artificial intelligence ruling the world

MY TWO CENTS: AI, write a parody of artificial intelligence ruling the world

Staff Editor 2026-06-07
Guest Column: Wyoming Should Not Fear Artificial Intelligence Or Data Centers

Guest Column: Wyoming Should Not Fear Artificial Intelligence Or Data Centers

Staff Editor 2026-06-07
NH residents use AI more, but fear job loss

NH residents use AI more, but fear job loss

Staff Editor 2026-06-07
Elder Gong teaches how to hear God’s voice amid increased use of artificial intelligence – Church News

Elder Gong teaches how to hear God’s voice amid increased use of artificial intelligence – Church News

Staff Editor 2026-06-07
This Week’s Awesome Tech Stories From Around the Web (Through June 7)

This Week’s Awesome Tech Stories From Around the Web (Through June 7)

Staff Editor 2026-06-07

Terms and Conditions - Privacy Policy