- A new, actively exploited flaw (CVE-2026-6973) in Ivanti Endpoint Manager Mobile allows authenticated admins remote code execution.
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to patch the vulnerability by May 10, 2026.
- Ivanti patched four additional high-severity vulnerabilities in its on-premises EPMM product alongside the exploited bug.
- Successful exploitation requires administrative access, but risk is reduced for customers who rotated credentials after previous incidents.
On May 07, 2026, Ivanti disclosed that a new high-severity security flaw in its Endpoint Manager Mobile (EPMM) software is being exploited in limited, targeted attacks. The vulnerability, tracked as CVE-2026-6973, enables remote code execution by attackers who have obtained administrative access to the system.
Consequently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog. Federal agencies are now required to apply the available patches by a specific deadline.
Ivanti said in an advisory, “We are aware of a very limited number of customers exploited with CVE-2026-6973.” However, the identity and ultimate objectives of the threat actors remain unknown at this time.
Meanwhile, the company also released fixes for four other critical vulnerabilities in the same product. These flaws include improper access control and certificate validation issues that could grant attackers administrative privileges or allow device impersonation.
The company said these issues only affect the on-premises EPMM product and not its cloud-based management solutions. Consequently, users of the on-premises software are urged to update to the patched versions immediately to mitigate risk.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
