COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-6973

CVE-2026-6973

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-05-07
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-6973
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wildsupply-chain

Ivanti EPMM allows remote code execution for authenticated admins via improper input validation.

This vulnerability enables remote code execution for users with administrative access, posing a severe risk to endpoint management systems in defense organizations. DIB orgs must patch immediately to prevent attackers from leveraging compromised admin credentials to execute arbitrary code on managed endpoints. The active exploitation status indicates this is a current threat vector.

Shame score — Active exploitation of a remote code execution vulnerability in widely deployed endpoint management software.

Players implicated

Ivanti · vendorEndpoint Manager Mobile (EPMM) · product

Description

Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.

Affected FedRAMP products 2 in the catalog

ProductProviderStatusMatch
Ivanti Neurons for ITSM (Formerly Service Manager) Ivanti Authorized vendor-exact · 0.90
Ivanti Neurons for MDM (Formerly MobileIron) Ivanti Authorized vendor-exact · 0.90