Actively exploited in the wild
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Ivanti — Endpoint Manager Mobile (EPMM) · Listed in the CISA KEV since 2026-05-07. This indicates confirmed attacks in production environments.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-6973
High · CVSS 7.2 · KEV
Exploitation Probability (EPSS): High risk · 90th percentile — higher than 90% of all known CVEs
Summary
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
Risk Assessment
This vulnerability poses a significant risk to organizations: an attacker with administrative access to EPMM can achieve remote code execution and take control of the system.
Recommendation
It is recommended to update Ivanti EPMM to the latest version to mitigate this vulnerability.
Original NVD description (English source)
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.

