cbcvebase.
CVE-2026-5787
published 2026-05-07

Priority: P2 61 · Severity: critical · CVSS 3.1: 9.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.69% (48.0th percentile)

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

Affected (3 ranges)

Vendor    Product                    Version range    Fixed in
ivanti    endpoint_manager_mobile    < 12.6.1.1       12.6.1.1
ivanti    endpoint_manager_mobile
ivanti    endpoint_manager_mobile

Detection & IOCs (extracted from sources)

  • Monitor for unexpected or anomalous certificate issuance requests to the EPMM CA, particularly from hosts not previously registered as Sentry nodes, which may indicate impersonation attempts exploiting improper certificate validation.
  • Alert on unauthenticated remote connections to Ivanti EPMM endpoints responsible for Sentry host registration or certificate provisioning workflows.
  • Ivanti EPMM versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1 are vulnerable; patch to these versions or later to remediate the improper certificate validation flaw.
  • The vulnerability is classified CWE-295 (Improper Certificate Validation), meaning the EPMM server does not sufficiently validate the identity of Sentry hosts during certificate requests, enabling impersonation by unauthenticated remote attackers.