Vulnerability intelligence
CVE-2026-6973
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
A configuration control vulnerability in the Ivanti Endpoint Manager Mobile before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to inject arbitrary Apache directives, leading to remote code execution.
CVSS Score
7.2
High
EPSS — Exploit Probability
4.8%
Riskier than 90% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-05-10
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-05-10.
7 articles across 6 outlets · first covered May 7, 2026 · latest May 11, 2026
Associated threat actors
Coverage timeline
-
Ivanti EPMM and PAN OS flaws hit as patches roll out mid Maythehackernews.com · May 11, 2026
-
CVE‑2026‑6973 Exploited in Wild, Urges Patch of Ivanti EPMMsocradar.io · May 8, 2026
-
Ivanti patches EPMM zero day CVE-2026-6973 after targeted attackswww.securityweek.com · May 8, 2026
-
Ivanti EPMM flaw CVE-2026-6973 lets admins execute code remotelywww.cisa.gov · May 7, 2026
-
CISA flags Ivanti EPMM flaw CVE-2026-6973 as actively exploitedcisa.gov · May 7, 2026
-
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Accessthehackernews.com · May 7, 2026
-
CISA flags Ivanti EPMM zero day CVE‑2026‑6973, urges May 10 patchsecurityaffairs.com · May 7, 2026