Summary

Parameter	Value
CVE ID	CVE-2026-6973
Alert Source	CISA KEV - Active Exploitation
CVE Publication Year	2026
Date Published	2026-05-07
Vendor	Ivanti
Product	Endpoint Manager Mobile (EPMM)
CVSS Score	7.2 (high)
EPSS Score	No data
CISA KEV	Yes - confirmed active exploitation
Ransomware	Not confirmed
Remediation Deadline	2026-05-10

Vulnerability Description

Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.

Required Actions

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Who Is Affected?

This vulnerability affects Endpoint Manager Mobile (EPMM) by Ivanti. Check if your organization uses this software and requires updates.

Sources

Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.

Learn More

Detecting and responding to endpoints with FortiEDR: What you need to know

Wondering how to effectively protect endpoint devices from advanced threats?...

Detecting and responding to threats on endpoints with FortiEDR: What do you need to know?

Endpoints are the primary entry point for attackers. Learn how FortiEDR detects and responds to threats in real time, stopping breaches before they sp...

FortiEDR and FortiXDR: Endpoint Protection in the Digital Transformation Era

FortiEDR and FortiXDR are advanced systems from Fortinet that provide effective endpoint protection against advanced threats....

CVE-2026-6973: Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

Summary

Vulnerability Description

Required Actions

Who Is Affected?

Sources

Learn More

Tags:

Share:

Talk to an expert

Grzegorz Gnych

Want to Reduce IT Risk and Costs?