CVE-2026-5788
Published 2026-05-07
CVE-2026-5788: An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
Priority: P270 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.82% (52.6th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager_mobile | < 12.6.1.1 | 12.6.1.1 |
| ivanti | endpoint_manager_mobile | — | — |
| ivanti | endpoint_manager_mobile | — | — |
Detection & IOCs (extracted from sources)
- Ivanti EPMM versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1 are vulnerable to unauthenticated remote invocation of arbitrary methods due to improper access control (CWE-284). Monitor for unauthenticated requests to EPMM API/method endpoints from external sources.
- No specific exploit payloads, IOCs, or PoC details are present in the available sources. Detection should focus on anomalous unauthenticated access patterns to Ivanti EPMM management interfaces.
GHSA
GHSA-wwfp-6c8c-qg35: An Improper Access Control in Ivanti EPMM before versions 12
ghsa_unreviewed·2026-05-07
CVE-2026-5788 [HIGH] CWE-284 GHSA-wwfp-6c8c-qg35: An Improper Access Control in Ivanti EPMM before versions 12
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
VulDB
Ivanti Endpoint Manager Mobile 12.6.1.1/12.7.0.1/12.8.0.1 access control
vuldb·2026-05-07·CVSS 9.8
CVE-2026-5788 [CRITICAL] Ivanti Endpoint Manager Mobile 12.6.1.1/12.7.0.1/12.8.0.1 access control
A vulnerability labeled as critical has been found in Ivanti Endpoint Manager Mobile 12.6.1.1/12.7.0.1/12.8.0.1. The impacted element is an unknown function. The manipulation results in improper access controls.
This vulnerability is identified as CVE-2026-5788. The attack can be executed remotely. There is not any exploit available.
The affected component should be upgraded.
Ivanti
Ivanti Security Advisory: CVE-2026-5788
vendor_ivanti·2026-05-07·CVSS 9.8
CVE-2026-5788 [CRITICAL] CWE-284 Ivanti Security Advisory: CVE-2026-5788
Ivanti Security Advisory: CVE-2026-5788
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
CVE IDs: CVE-2026-5788
CVSS Base Score: 7.0
Severity: HIGH
CWEs: CWE-284
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Ivanti warns of new EPMM flaw exploited in zero-day attacks
blogs_bleepingcomputer·2026-05-07·CVSS 8.8
CVE-2026-6973 [HIGH] Ivanti warns of new EPMM flaw exploited in zero-day attacks
## Ivanti warns of new EPMM flaw exploited in zero-day attacks
By Sergiu Gatlan
Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks.
The security flaw (tracked as CVE-2026-6973) stems from an Improper Input Validation weakness that allows remote attackers with administrative privileges to execute arbitrary code on targeted systems running EPMM 12.8.0.0 and earlier.
Ivanti says customers can mitigate the zero-day by installing Ivanti EPMM 12.6.1.1, 12.7.0.1, and 12.8.0.1, and advises customers to review accounts with Admin rights and rotate those credentials where necessary.
"At the time of disclosure, we are aware of very limited exploitation of CVE-2026-6973, which requires admin au
Hackernews
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
blogs_hackernews·2026-05-07·CVSS 9.8
CVE-2026-6973 [CRITICAL] Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
## Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been exploited in limited attacks in the wild.
The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1.
It allows "a remotely authenticated user with administrative access to achieve remote code execution," Ivanti said in an advisory released today.
"We are aware of a very limited number of customers exploited with CVE-2026-6973. Successful explo
Published: 2026-05-07