CVE-2026-6973 | Severity: High | Known exploited (KEV)

Input-validation vulnerability in Ivanti EPMM (CVE-2026-6973) — remote code execution by an authenticated administrator

Ivanti Endpoint Manager Mobile (EPMM) | Added to KEV: May 7, 2026 | Federal remediation due: 2026-05-10

Ivanti Endpoint Manager Mobile (EPMM), a mobile-device management product, has an improper-input-validation vulnerability that lets a remotely authenticated user with administrative access achieve remote code execution (RCE). CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog; the CVSS v3.1 base score is 7.2 (High).

Key facts

  • CVE ID: CVE-2026-6973
  • CVSS base score: 7.2 HIGH
  • CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Affected (vendor / product): Ivanti Endpoint Manager Mobile (EPMM)
  • CWE: CWE-20 (Improper Input Validation)
  • Exploitation: Listed in CISA KEV (exploitation confirmed)
  • Remediation due: 2026-05-10 (U.S. federal civilian agencies, BOD 22-01)

Key points

  • Improper input validation (CWE-20) in Ivanti EPMM (mobile-device management; formerly MobileIron Core)
  • A remotely authenticated user with administrative access can achieve remote code execution (RCE)
  • Because authentication and admin privileges are required, the CVSS base score is 7.2 (High); the impact is still large because EPMM is a management platform
  • Ivanti products appear in KEV repeatedly, which suggests attackers favor them; a KEV listing means exploitation in the wild has been confirmed
  • Response: apply the fix per Ivanti, minimize exposure of the management console, and protect admin accounts

CVE-2026-6973 is an improper-input-validation vulnerability (CWE-20) in Ivanti Endpoint Manager Mobile (EPMM, an MDM/EMM product for managing enterprise mobile devices; formerly MobileIron Core). It was added to CISA's KEV catalog on May 7, 2026.

Per NVD, a remotely authenticated user with administrative access can exploit it to achieve remote code execution (RCE). Because the attack requires authentication and admin privileges, the bar is higher than for unauthenticated flaws. Still, a management platform like EPMM is the linchpin controlling many mobile devices across an organization: code execution on the server exposes whatever it holds (device inventory, enrollment data, administrative credentials) and, since an MDM server by design pushes configuration and applications to enrolled devices, it can become a foothold onto the fleet. So allowing code execution there has large impact.

Ivanti products (EPMM/MobileIron, Connect Secure, and others) have appeared in KEV repeatedly in recent years, which suggests they are assets attackers favor. Even though authentication is required, admin credentials can be phished, stolen, reused from another breach, or abused by an insider or contractor, so a known-exploited KEV listing calls for prompt action.

Key response: apply fixes or mitigations per Ivanti's official instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Minimizing the management console's exposure (no internet-facing admin interface; reach it through VPN or an allow-listed network) and protecting admin accounts (MFA, unique credentials, review of admin logins) also help. The federal civilian remediation deadline was May 10, 2026.
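One way to operationalize that response, as an added example rather than anything from the page, CISA, or Ivanti: a script that matches a local asset inventory against a KEV-format catalog extract and ranks affected hosts by console exposure and days remaining to the due date. The JSON excerpt, the inventory, the hostnames and the function names are constructed for the example; the field names follow the public KEV JSON feed, and only the CVE ID, product and dates are the ones the page quotes.

```python
"""Match an asset inventory against a KEV-format catalog extract.

Added example, not from the original page or from Ivanti/CISA. It reads a
record in the JSON shape the CISA KEV feed publishes (a `vulnerabilities`
array whose entries carry cveID, vendorProject, product, dateAdded,
requiredAction and dueDate), finds inventory assets each entry applies to,
and ranks them by console exposure and time left to the BOD 22-01 due
date. The catalog excerpt and the inventory below are constructed for the
example; only the CVE ID, product and dates are the ones the page quotes.
"""
import json
from datetime import date

# Constructed KEV-style extract. The second entry is a deliberately fake
# placeholder so the matching logic has something to reject.
KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2026-6973",
      "vendorProject": "Ivanti",
      "product": "Endpoint Manager Mobile (EPMM)",
      "vulnerabilityName": "Ivanti EPMM Improper Input Validation Vulnerability",
      "dateAdded": "2026-05-07",
      "shortDescription": "Improper input validation allowing a remote authenticated user with administrative access to achieve remote code execution.",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2026-05-10",
      "knownRansomwareCampaignUse": "Unknown"
    },
    {
      "cveID": "CVE-0000-0000",
      "vendorProject": "ExampleVendor",
      "product": "ExampleProduct",
      "vulnerabilityName": "Placeholder entry (constructed)",
      "dateAdded": "2026-01-01",
      "shortDescription": "Constructed placeholder.",
      "requiredAction": "Apply mitigations per vendor instructions.",
      "dueDate": "2026-01-22",
      "knownRansomwareCampaignUse": "Unknown"
    }
  ]
}
"""

# Constructed asset inventory: host, vendor/product as the asset owner
# recorded them, and whether the admin console is reachable from the internet.
INVENTORY = [
    {"host": "mdm-core-01.corp.example", "vendor": "Ivanti",
     "product": "EPMM", "console_internet_exposed": True},
    {"host": "mdm-core-02.corp.example", "vendor": "Ivanti",
     "product": "Endpoint Manager Mobile", "console_internet_exposed": False},
    {"host": "vpn-01.corp.example", "vendor": "Ivanti",
     "product": "Connect Secure", "console_internet_exposed": True},
    {"host": "web-01.corp.example", "vendor": "ExampleVendor",
     "product": "Other", "console_internet_exposed": False},
]


def _norm(s):
    """Lower-case and collapse whitespace so naming differences do not hide a match."""
    return " ".join(s.lower().split())


def product_matches(entry, asset):
    """True if a KEV entry applies to an inventory asset.

    Vendor must match; product matches if either name contains the other,
    which covers 'EPMM' vs 'Endpoint Manager Mobile (EPMM)' but rejects
    'Connect Secure'. Add an alias table if your CMDB uses other names.
    """
    if _norm(asset["vendor"]) not in _norm(entry["vendorProject"]):
        return False
    kev_product, inv_product = _norm(entry["product"]), _norm(asset["product"])
    return inv_product in kev_product or kev_product in inv_product


def triage(catalog_json, inventory, today_iso):
    """Return affected assets, internet-exposed consoles first, then least time left."""
    today = date.fromisoformat(today_iso)
    findings = []
    for entry in json.loads(catalog_json)["vulnerabilities"]:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if not product_matches(entry, asset):
                continue
            days_left = (due - today).days
            findings.append({
                "cve": entry["cveID"],
                "host": asset["host"],
                "due": entry["dueDate"],
                "days_left": days_left,
                "overdue": days_left < 0,
                "console_internet_exposed": asset["console_internet_exposed"],
                "required_action": entry["requiredAction"],
            })
    findings.sort(key=lambda f: (not f["console_internet_exposed"], f["days_left"]))
    return findings


if __name__ == "__main__":
    for f in triage(KEV_JSON, INVENTORY, "2026-05-08"):
        flag = "EXPOSED" if f["console_internet_exposed"] else "internal"
        state = "OVERDUE" if f["overdue"] else "due in %d day(s)" % f["days_left"]
        print("%s %-26s %-9s %s (%s)" % (f["cve"], f["host"], flag, state, f["due"]))
```

Point it at the real KEV JSON feed and a CMDB export instead of the embedded samples; the internet-exposed console rises to the top regardless of due date because that is the host an attacker with a stolen admin credential can actually reach.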

Why it matters

RCE on a mobile-management platform (EPMM): authentication is required, but the impact is large. Ivanti products enter KEV repeatedly, so operators should patch promptly, minimize exposure of the management console, and protect admin credentials.

FAQ

What is EPMM?
An MDM/EMM product for managing enterprise mobile devices (phones, tablets, etc.). It was formerly called MobileIron Core.
Is it low risk because authentication is required?
The CVSS base score is 7.2 (High) rather than Critical because authentication and admin privileges are required. RCE on a management platform still has large impact, and admin credentials can be phished, stolen, or abused by an insider, so the known-exploited status warrants priority action.
What should I do?
Apply fixes/mitigations per Ivanti's instructions, minimize the management console's exposure, and protect admin accounts.

Sources (primary)

This article is an independent summary based on official U.S. government data (the CISA KEV catalog and NVD). Always verify the exact, latest details and applicability with the official and vendor sources.

Tags: #Ivanti #EPMM #MDM #RCE #Mobile management
Disclaimer: This site independently summarizes and classifies information based on official data sources. Always verify the latest and accurate information with the official sources. Content on finance, health, legal, and security is information, not advice. This site is not an official website of the U.S. government.