CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-7821 — Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0....

·Source: NIST NVD

Updated:

Executive Summary

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.

Analysis

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity. CVSS Score: 7.4. Published: 2026-05-07T16:16:23.450.

Indicators of Compromise (4)

CVE (1)
CVE-2026-7821
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 7, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

ShinyHunters Claims Second Attack Against Instructure

The edtech company is struggling to wrest control from its hackers. PII belonging to hundreds of millions of people is on the line.

Dark Reading
MEDIUMVulnerability

Kraken parent Payward files for national trust charter

We have filed an application with the Office of the Comptroller of the Currency (“OCC”) for a national trust company charter. If approved, the application would establish Payward National Trust Company (“PNTC”), which would provide fiduciary custody and other services primarily for digital assets.

Finextra
MEDIUMVulnerability

GM to pay over $12 million in California privacy settlement involving driver data

The settlement, announced by California officials Friday, is the largest fine issued under the California Consumer Privacy Act (CCPA) in its more than five-year history.

The Record