Critical Vulnerabilities in Ivanti EPMM Expose Systems to Remote Attacks
Severity: High (Score: 72.0)
Sources: nvd.nist.gov
Summary
Two critical vulnerabilities (CVE-2026-5787 and CVE-2026-5788) were disclosed in Ivanti EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. CVE-2026-5787 allows attackers to impersonate Sentry hosts and obtain valid CA-signed client certificates, while CVE-2026-5788 enables unauthorized method invocation. Both vulnerabilities can be exploited by remote unauthenticated attackers, posing significant risks to affected systems. The vulnerabilities were published on May 7, 2026, and are currently unpatched. Organizations using vulnerable versions of Ivanti EPMM are advised to take immediate action to mitigate potential exploitation.
Key Points:
- CVE-2026-5787 allows impersonation of Sentry hosts to obtain valid certificates.
- CVE-2026-5788 enables remote attackers to invoke arbitrary methods.
- Both vulnerabilities affect Ivanti EPMM versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1.
Key Entities
- Zero-day Exploit (attack_type)
- CVE-2026-5787 (cve)
- CVE-2026-5788 (cve)
- CWE-295 - Improper Certificate Validation (cwe)
- T1190 - Exploit Public-Facing Application (mitre_attack)
- Ivanti EPMM (platform)