CVE-2026-6973

HIGH KEV

Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution


Exploitation Summary

CVE-2026-6973 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 7, 2026.

Description

An improper input validation vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated user with administrative access to achieve remote code execution.

Scores

CVSS v3 7.2
EPSS 0.2019
EPSS Percentile 97.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2026-05-07
VulnCheck KEV 2026-05-07
ENISA EUVD EUVD-2026-28396
CWE CWE-20
Status published
Products (10)
Ivanti/Endpoint Manager Mobile 12.6.1.1
Ivanti/Endpoint Manager Mobile 12.7.0.1
Ivanti/Endpoint Manager Mobile 12.7.0.2
Ivanti/Endpoint Manager Mobile 12.8.0.1
Ivanti/Endpoint Manager Mobile 12.8.0.3
Ivanti/Endpoint Manager Mobile 12.9.0.1
ivanti/endpoint_manager_mobile 12.7.0.0
ivanti/endpoint_manager_mobile 12.8.0.0
ivanti/endpoint_manager_mobile 12.9.0.0
ivanti/endpoint_manager_mobile < 12.6.1.1
Published May 07, 2026
KEV Added May 07, 2026
Tracked Since May 07, 2026