Ivanti says a new security flaw affecting Endpoint Manager Mobile (EPMM) has been seen in limited, real-world attacks. The high-severity CVE-2026-6973 (CVSS 7.2) involves improper input validation and affects EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. The vulnerability can allow a remote authenticated user with admin access to achieve remote code execution, according to Ivanti.
The firm notes that a very limited number of customers have been exploited and that successful exploitation requires admin authentication; it also recommends credential rotation if earlier CVEs were exploited. CISA has added CVE-2026-6973 to its Known Exploited Vulnerabilities catalog, with Federal Civilian Executive Branch agencies required to apply fixes by 10 May 2026.
Ivanti also patched four additional flaws in EPMM, all affecting on-premises products, with CVSS scores ranging from 7.0 to 8.9, and it emphasises that these issues do not affect Ivanti Neurons for MDM or Ivanti EPM cloud solutions.