Find notable cyber news and cases, enriched with sources, timelines, and signals.

Ivanti EPMM patch release for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821

Security Patch Release
First reported
Last updated
Happening score
H score 66
2 unique sources, 2 articles

Summary

Hide ▲

Ivanti released a security update for on-prem Endpoint Manager Mobile (EPMM) covering CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The patch addresses high-severity flaws that could enable administrative access, arbitrary method invocation, certificate-related abuse, and restricted-information exposure. The update applies to on-prem EPMM only. Ivanti said the issues do not affect Ivanti Neurons for MDM, Ivanti EPM, Ivanti Sentry, or other Ivanti products. Customers were directed to install the fixed EPMM versions 12.6.1.1, 12.7.0.1, or 12.8.0.1. Ivanti also stated there was no evidence of in-the-wild exploitation at the time of release.

Related Happenings

Kandji security patch release for CVE-2026-39118

Security Patch Release
H score17 First: 25.06.2026 14:00 Last: 25.06.2026 14:00 Sources 1

About this happening: Kandji fixed its **MDM agent** on **macOS** and assigned **CVE-2026-39118** after validation showed a trust issue that could let a standard user disable enterprise security contro...

Fortinet and Ivanti multi-product security patch release

Security Patch Release
H score47 First: 10.06.2026 11:50 Last: 10.06.2026 11:50 Sources 1

About this happening: **Fortinet** and **Ivanti** released patches on **Tuesday** for multiple product flaws, including **critical OS command injection** and **authentication-bypass** bugs that could e...

Latest development: 11.06.2026 09:20

Attackers are targeting Ivanti Sentry instances with CVE-2026-10520 exploitation attempts after Ivanti patched the maximum-severity OS command injection flaw in R10.5.2, R10.6.2, and R10.7.1. Shadowserver reported 19 vulnerable instances in its scans and at least 2 backdoored gateways, warning that unpatched Internet-exposed secure mobile gateways are likely compromised.

Ivanti Sentry patch release for CVE-2026-10520 and CVE-2026-10523

Security Patch Release
H score54 First: 10.06.2026 09:26 Last: 10.06.2026 09:26 Sources 1

About this happening: **Ivanti** released a **patch bundle** for **Sentry** after identifying **two critical vulnerabilities** in the secure mobile gateway appliance, including **CVE-2026-10520** and *...

Ivanti security patch release for CVE-2026-8043

Security Patch Release
H score25 First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Microsoft Exchange CVE-2026-42897 mitigation advisory

Advisory/Mitigation
H score44 First: 15.05.2026 12:40 Last: 15.05.2026 12:40 Sources 1

About this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...

Latest development: 15.05.2026 15:35

Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.

Timeline

  1. 07.05.2026 20:55 2 articles · 2mo ago

    Ivanti patches four on-prem EPMM vulnerabilities

    Mitigation Patch Update

    Ivanti released fixes for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821 in Endpoint Manager Mobile (EPMM). The updates apply only to on-prem EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1, and Ivanti said the issues are not present in Ivanti Neurons for MDM, Ivanti EPM, Ivanti Sentry, or other Ivanti products.

    Show sources
  2. 07.05.2026 18:20 2 articles · 2mo ago

    Ivanti patches four high-severity EPMM vulnerabilities

    Mitigation Patch Update

    Ivanti released updates for on-prem Endpoint Manager Mobile (EPMM) to address CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The flaws can enable admin access, impersonation of registered Sentry hosts to obtain valid CA-signed client certificates, arbitrary method invocation, and restricted-information exposure, and Ivanti directed customers to install EPMM 12.6.1.1, 12.7.0.1, or 12.8.0.1 while stating there is no evidence of in-the-wild exploitation.

    Show sources