Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Ivanti EPMM zero-day remote code execution (CVE-2026-6973)

Vulnerability
First reported
Last updated
Happening score
H score 53
2 unique sources, 3 articles

Summary

Hide ▲

Ivanti's disclosure of CVE-2026-6973 puts Endpoint Manager Mobile (EPMM) customers on alert for a zero-day remote code execution flaw that can let authenticated admins execute arbitrary code on 12.8.0.0 and earlier. The issue is tied to Improper Input Validation and has been exploited in zero-day attacks, increasing risk for exposed on-prem deployments. Ivanti says fixes are available for 12.6.1.1, 12.7.0.1, and 12.8.0.1, and customers should review Admin rights and rotate credentials where needed.

Related Happenings

CISA emergency patch deadline for Ivanti EPMM

Public Sector Action
First: 08.05.2026 15:16 Last: 08.05.2026 15:16 Sources 1

How related: On Thursday, CISA added the security flaw to its list of vulnerabilities exploited in attacks and mandated that federal agencies patch their EPMM systems by midnight Sunday, May 10.

About this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....

Open Happening

CISA KEV listing and FCEB patch order for Ivanti EPMM

Public Sector Action
First: 08.04.2026 21:15 Last: 08.04.2026 21:15 Sources 1

About this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...

Open Happening

Cloud Software Group NetScaler urgent remediation advisory

Advisory/Mitigation
First: 25.03.2026 17:52 Last: 25.03.2026 17:52 Sources 1

About this happening: **Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...

Open Happening

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

Open Happening

CISA KEV mitigation for BeyondTrust CVE-2026-1731

Advisory/Mitigation
First: 20.02.2026 19:02 Last: 20.02.2026 19:02 Sources 1

About this happening: CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...

Open Happening

Timeline

  1. 07.05.2026 20:55 2 articles · 20d ago

    CISA adds CVE-2026-6973 to KEV with May 10, 2026 deadline

    Legal Policy Action Update

    The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2026-6973 to its Known Exploited Vulnerabilities (KEV) catalog and required Federal Civilian Executive Branch agencies to apply the fixes by May 10, 2026.

    Show sources
    Open in new tab
  2. 07.05.2026 18:20 2 articles · 20d ago

    Ivanti warns customers about CVE-2026-6973 in Endpoint Manager Mobile

    Initial Disclosure

    On 2026-05-07, Ivanti warned customers to patch CVE-2026-6973 in Endpoint Manager Mobile (EPMM), a high-severity remote code execution flaw caused by Improper Input Validation that affects EPMM 12.8.0.0 and earlier. The company said exploitation requires admin privileges, exploitation was very limited at disclosure time, and customers should upgrade to EPMM 12.6.1.1, 12.7.0.1, or 12.8.0.1, review accounts with Admin rights, and rotate those credentials where necessary; the issue affects only the on-prem EPMM product and not Ivanti Neurons for MDM, Ivanti EPM, or Ivanti Sentry.

    Show sources
    Open in new tab
  3. 07.05.2026 18:20 2 articles · 20d ago

    Ivanti warns customers about CVE-2026-6973 in Endpoint Manager Mobile

    Initial Disclosure

    On 2026-05-07, Ivanti warned customers to patch CVE-2026-6973 in Endpoint Manager Mobile (EPMM), a high-severity remote code execution flaw caused by Improper Input Validation that affects EPMM 12.8.0.0 and earlier. The company said exploitation requires admin privileges, exploitation was very limited at disclosure time, and customers should upgrade to EPMM 12.6.1.1, 12.7.0.1, or 12.8.0.1, review accounts with Admin rights, and rotate those credentials where necessary; the issue affects only the on-prem EPMM product and not Ivanti Neurons for MDM, Ivanti EPM, or Ivanti Sentry.

    Show sources
    Open in new tab