ThreatCluster

Critical Vulnerabilities in Ivanti EPMM Expose Systems to Remote Attacks

First seen 8 May 2026, 14:38 UTC nvd.nist.gov 82% similarity 72

Article Content

Browse articles
ThreatCluster

Two critical vulnerabilities (CVE-2026-5787 and CVE-2026-5788) were disclosed in Ivanti EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. CVE-2026-5787 allows attackers to impersonate Sentry hosts and obtain valid CA-signed client certificates, while CVE-2026-5788 enables unauthorized method invocation. Both vulnerabilities can be exploited by remote unauthenticated attackers, posing significant risks to affected systems. The vulnerabilities were published on May 7, 2026, and are currently unpatched. Organizations using vulnerable versions of Ivanti EPMM are advised to take immediate action to mitigate potential exploitation.

Key Points: • CVE-2026-5787 allows impersonation of Sentry hosts to obtain valid certificates. • CVE-2026-5788 enables remote attackers to invoke arbitrary methods. • Both vulnerabilities affect Ivanti EPMM versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1.

ThreatCluster AI

Timeline

2026-05-07
CVE-2026-5787 published
An improper certificate validation vulnerability in Ivanti EPMM was disclosed, allowing remote attackers to impersonate hosts.
Article 1
2026-05-07
CVE-2026-5788 published
An improper access control vulnerability in Ivanti EPMM was disclosed, allowing unauthorized method invocation by remote attackers.
Article 2
2026-05-08
Current status of vulnerabilities
Both vulnerabilities remain unpatched, posing a significant risk to organizations using affected Ivanti EPMM versions.
Article 1

Community

Browse all →