Ivanti Warns of New EPMM Flaw Exploited in Zero-Day Attacks
Ivanti said the flaw requires authenticated admin access and released fixes for five vulnerabilities, while CISA added the zero-day to its catalog within hours.
- On Thursday, Ivanti released patches for five vulnerabilities in Endpoint Manager Mobile, including one zero-day actively exploited in the wild.
- Unlike previous unauthenticated code-injection flaws, this zero-day requires authenticated administrative access to exploit, making customers who rotated credentials following January's CVE-2026-1281 and CVE-2026-1340 attacks significantly less vulnerable.
- Internet security watchdog Shadowserver currently tracks over 850 IP addresses with EPMM fingerprints exposed online, while the Cybersecurity and Infrastructure Security Agency has flagged 34 Ivanti defects on its known exploited vulnerabilities catalog since late 2021.
- CISA added the zero-day to its known exploited vulnerabilities catalog within hours of Thursday's disclosure, while Ivanti confirmed no evidence that four additional patched defects—CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821—have been exploited.
- Ivanti Chief Security Officer Daniel Spicer stated the company maintains an 'aggressive' communication stance regarding disclosures, noting the firm uses advanced AI and internal detection processes to identify and remediate vulnerabilities quickly.
13 Articles
Ivanti customers confront yet another actively exploited zero-day
Attackers are hitting Ivanti customers yet again — circling back to a common target and consistently susceptible vendor in the network edge space — by exploiting a zero-day vulnerability in one of the company’s most besieged products. Ivanti warned customers that attackers have successfully exploited CVE-2026-6973, an improper input validation defect in Ivanti Endpoint Manager Mobile (EPMM) that allows authenticated users with administrative pr…
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
The five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of the legacy trap” that CSOs must avoid, says an expert. “Patch today to survive the weekend,” said Robert Enderle of the Enderle Group, “but start planning your exit from legacy MDM as soon as possible.” He was commenting on an advisory issued Thursday by Ivanti about the discovery of five holes in its Endpoint Manager Mob…
The U.S. cybersecurity agency, CISA, issued an emergency alert after the discovery of a new critical flaw exploited as a zero-day in Ivanti Endpoint Manager Mobile (EPMM). The vulnerability, identified as CVE-2026-6973, is reportedly already being used in real attacks, leading the U.S. government to impose an extremely short time frame for risk mitigation. The problem directly affects servers responsible for managing corporate mobile devices, including sma…
Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)
Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has been exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,” the company said in a security advisory published on Thursday. About CVE-2026-6973 CVE-2026-6973 is caused by improper input validation and allows remote attackers with administra…
Coverage Details
Bias Distribution
- 100% of the sources are Center





