CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-5787 — An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7...

·Source: NIST NVD

Updated:

Executive Summary

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

Analysis

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates. CVSS Score: 8.9. Published: 2026-05-07T16:16:22.620.

Indicators of Compromise (4)

CVE (1)
CVE-2026-5787
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 7, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Inside Starling: A conversation with group CRO Keith Algie

Appointed in March 2026, Algie joins Starling from ANZ, where he spent 15 years, most recently serving as group chief compliance officer. Speaking to Finextra as part of a new CXO interview series, he outlines how approaches to risk must evolve, from reactive oversight to proactive, design-led systems.

Finextra
MEDIUMVulnerability

Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants

The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply. The post Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

Unlimit partners with Decentro to boost cross-border payments in India

Unlimit, the global financial infrastructure platform, today announced that Decentro, India’s leading fintech enabler, has integrated the platform’s universal operating layer to extend its cross-border payment capabilities into new markets and payment methods.

Finextra