Critical Ivanti EPMM Flaw Exploited in the Wild: Patch Now
**Ivanti** is urging customers to patch a high-severity vulnerability, **CVE-2026-6973**, affecting Endpoint Manager Mobile (**EPMM**) after reports of limited exploitation in the wild. The flaw allows remote code execution for authenticated administrators, prompting a CISA directive for immediate patching by federal agencies.

### Actively Exploited Vulnerability in Ivanti EPMM
**Ivanti** has issued a warning regarding a new security vulnerability impacting Endpoint Manager Mobile (**EPMM**) that has been observed being exploited in limited, targeted attacks.
The vulnerability, identified as **CVE-2026-6973** (CVSS score: 7.2), stems from improper input validation in **EPMM** versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1.
According to **Ivanti**'s advisory, this flaw allows "a remotely authenticated user with administrative access to achieve remote code execution."
"We are aware of a very limited number of customers exploited with **CVE-2026-6973**. Successful exploitation requires Admin authentication. If customers followed **Ivanti**'s recommendation in January to rotate credentials if you were exploited with **CVE-2026-1281** and **CVE-2026-1340**, then your risk of exploitation from **CVE-2026-6973** is significantly reduced."
The identity of the threat actors behind these exploitation attempts, the success rate of the attacks, and their ultimate objectives remain unknown at this time.
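
The affected-version statement above can be turned into an inventory triage check. The following is an added example, not code from Ivanti or from the original article; it assumes each listed release (12.6.1.1, 12.7.0.1, 12.8.0.1) is the first fixed build of its own branch, and the host names and version strings are constructed.

```python
import re

# Fixed releases per branch, from the versions named in the article.
# Assumption: each one is the first fixed build of its own 12.x branch.
FIXED = {(12, 6): (12, 6, 1, 1), (12, 7): (12, 7, 0, 1), (12, 8): (12, 8, 0, 1)}


def parse_version(text):
    """Turn '12.7.0.0' (optionally followed by other text) into a 4-int tuple."""
    m = re.match(r"\s*v?(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def fmt(v):
    return ".".join(str(n) for n in v)


def triage(version_text):
    """Return (status, minimum_target) for one reported EPMM version."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch in FIXED:
        fixed = FIXED[branch]
        return ("affected", fmt(fixed)) if v < fixed else ("patched", None)
    if branch < min(FIXED):
        # Older branch with no in-branch fix named: move to the lowest fixed release.
        return ("affected", fmt(FIXED[min(FIXED)]))
    # Newer than anything the article names: confirm against the vendor advisory.
    return ("review", None)


def triage_inventory(rows):
    """rows: iterable of (host, version_text) -> {host: (status, target)}."""
    return {host: triage(ver) for host, ver in rows}


# Constructed sample inventory; host names and version strings are made up.
SAMPLE = [
    ("epmm-01.example.internal", "12.6.1.0"),
    ("epmm-02.example.internal", "12.7.0.1"),
    ("epmm-03.example.internal", "12.5.0.2"),
    ("epmm-04.example.internal", "12.8.0.0 Build 7"),
]

if __name__ == "__main__":
    for host, (status, target) in triage_inventory(SAMPLE).items():
        print(f"{host:28} {status:9} {'-> ' + target if target else ''}")
```

A plain "less than 12.8.0.1" comparison would wrongly flag a patched 12.6.1.1 or 12.7.0.1 appliance as affected, which is why the check compares within each branch.
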
### CISA Adds Vulnerability to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) has added the flaw to its Known Exploited Vulnerabilities (**KEV**) catalog, mandating that Federal Civilian Executive Branch (**FCEB**) agencies apply the necessary patches by May 10, 2026.
### Additional Vulnerabilities Patched
**Ivanti** has also addressed four other vulnerabilities in **EPMM**:
* **CVE-2026-5786** (CVSS score: 8.8) - An improper access control vulnerability allowing a remote authenticated attacker to gain administrative access.
* **CVE-2026-5787** (CVSS score: 8.9) - An improper certificate validation vulnerability allowing a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
* **CVE-2026-5788** (CVSS score: 7.0) - An improper access control vulnerability allowing a remote unauthenticated attacker to invoke arbitrary methods.
* **CVE-2026-7821** (CVSS score: 7.4) - An improper certificate validation vulnerability allowing a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about the **EPMM** appliance and impacting the integrity of the newly enrolled device identity.

**Important Note:** These vulnerabilities specifically affect the on-premises **EPMM** product and do not impact **Ivanti** Neurons for MDM (cloud-based), **Ivanti** EPM, **Ivanti** Sentry, or other **Ivanti** products.