cbcvebase.
CVE-2026-7821
published 2026-05-07

CVE-2026-7821: Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device…

PriorityP262critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
0.51%
39.5th percentile
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.

Affected

3 ranges
VendorProductVersion rangeFixed in
ivantiendpoint_manager_mobile< 12.6.1.112.6.1.1
ivantiendpoint_manager_mobile
ivantiendpoint_manager_mobile

Detection & IOCsextracted from sources · hover to see the quote

  • Target product is Ivanti EPMM (Enterprise Mobility Management). Monitor for unauthorized or unexpected device enrollment attempts, particularly from unauthenticated remote sources, which may indicate exploitation of improper certificate validation.
  • Alert on information disclosure events from the EPMM appliance following anomalous device enrollment, as successful exploitation leads to appliance information disclosure and integrity impact on enrolled device identity.
  • ·Vulnerability affects Ivanti EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. Ensure patched versions are deployed; unpatched appliances are exposed to unauthenticated remote exploitation.
  • ·Root cause is CWE-295 (Improper Certificate Validation). Review and enforce strict certificate validation configurations on EPMM device enrollment endpoints to mitigate bypass risk.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.