Bleepingcomputer
Ivanti EPMM Zero-Day Vulnerability Exploited in Active Attacks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Ivanti has disclosed a zero-day vulnerability (CVE-2026-6973) in its Endpoint Manager Mobile (EPMM) product, which has been actively exploited by attackers. This flaw allows authenticated users with administrative privileges to execute arbitrary code remotely on affected systems. Ivanti issued patches for this and four other high-severity vulnerabilities on May 7, 2026. The vulnerability affects EPMM versions 12.8.0.0 and earlier. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this CVE to its list of exploited vulnerabilities and mandated federal agencies to patch their systems by May 10, 2026. Ivanti previously disclosed two critical vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in January 2026, which have also been exploited. The current exploitation requires administrative access, limiting the immediate impact but still posing significant risks to organizations that have not followed prior security recommendations.
Key Points: • CVE-2026-6973 is a zero-day vulnerability in Ivanti EPMM, actively exploited since May 7, 2026. • The vulnerability allows remote code execution for authenticated users with admin privileges. • CISA has mandated federal agencies to patch affected systems by May 10, 2026.