CVE-2026-6973

HIGH Actively Exploited NVDCISA KEV

CVSS Score 7.2

Severity HIGH

Published May 07, 2026

Vendor unknown

This vulnerability is in the CISA Known Exploited Vulnerabilities Catalog. Active exploitation has been observed. Immediate patching is recommended.

Description

An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.

References

https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-6973