HIGHVulnerability
Global

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

·Source: The Hacker News

Updated:

Executive Summary

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows "a remotely authenticated user with administrative access to achieve remote code

Analysis

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows "a remotely authenticated user with administrative access to achieve remote code

Indicators of Compromise (4)

CVE (1)
CVE-2026-6973
NVDMITRE CVE
Source Attribution

Originally published by The Hacker News on May 7, 2026.

Related Threats

MEDIUMVulnerabilityNEW

Commerzbank to axe 3000 jobs as it fends off UniCredit takeover

Germany's Commerzbank says it will cut 3000 jobs as it steps up investment in AI and fends off a takeover effort from Italy's UniCredit.

Finextra
MEDIUMVulnerabilityNEW

Weekly Update 503

Well, it's the day before the Instructure "pay or leak" deadline (at least by my Aussie watch), and the company remains removed from the ShinyHunters website. In its place sits a press statement that amounts to "we're not making any statements". So

Troy Hunt
MEDIUMVulnerability

YARA-X 1.16.0 Release, (Sun, May 10th)

YARA-X&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b;s 1.16.0 release brings 4 improvements and 4 bugfixes.

SANS ISC