Ivanti EPMM patch release for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821
Security Patch Release
Summary
Hide ▲
Show ▼
Ivanti released a security update for on-prem Endpoint Manager Mobile (EPMM) covering CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The patch addresses high-severity flaws that could enable administrative access, arbitrary method invocation, certificate-related abuse, and restricted-information exposure. The update applies to on-prem EPMM only. Ivanti said the issues do not affect Ivanti Neurons for MDM, Ivanti EPM, Ivanti Sentry, or other Ivanti products. Customers were directed to install the fixed EPMM versions 12.6.1.1, 12.7.0.1, or 12.8.0.1. Ivanti also stated there was no evidence of in-the-wild exploitation at the time of release.
Related Happenings
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/Mitigation
First: 15.05.2026 12:40
Last: 15.05.2026 12:40
Sources 1
About this happening:
**Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/MitigationAbout this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Latest development: 15.05.2026 15:35
Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.
Cisco security patch release for CVE-2026-20182
Security Patch Release
First: 14.05.2026 20:45
Last: 14.05.2026 20:45
Sources 1
About this happening:
Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
Cisco security patch release for CVE-2026-20182
Security Patch ReleaseAbout this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch Release
First: 11.05.2026 17:30
Last: 11.05.2026 17:30
Sources 1
About this happening:
**Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch ReleaseAbout this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
CISA emergency patch deadline for Ivanti EPMM
Public Sector Action
First: 08.05.2026 15:16
Last: 08.05.2026 15:16
Sources 1
About this happening:
CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
CISA emergency patch deadline for Ivanti EPMM
Public Sector ActionAbout this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
Timeline
-
07.05.2026 20:55 2 articles · 20d ago
Ivanti patches four on-prem EPMM vulnerabilities
Mitigation Patch UpdateIvanti released fixes for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821 in Endpoint Manager Mobile (EPMM). The updates apply only to on-prem EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1, and Ivanti said the issues are not present in Ivanti Neurons for MDM, Ivanti EPM, Ivanti Sentry, or other Ivanti products.
Show sources
- Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access — thehackernews.com — 07.05.2026 20:55
- Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access — thehackernews.com — 07.05.2026 20:55
-
07.05.2026 18:20 2 articles · 20d ago
Ivanti patches four high-severity EPMM vulnerabilities
Mitigation Patch UpdateIvanti released updates for on-prem Endpoint Manager Mobile (EPMM) to address CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The flaws can enable admin access, impersonation of registered Sentry hosts to obtain valid CA-signed client certificates, arbitrary method invocation, and restricted-information exposure, and Ivanti directed customers to install EPMM 12.6.1.1, 12.7.0.1, or 12.8.0.1 while stating there is no evidence of in-the-wild exploitation.
Show sources
- Ivanti warns of new EPMM flaw exploited in zero-day attacks — www.bleepingcomputer.com — 07.05.2026 18:20
- Ivanti warns of new EPMM flaw exploited in zero-day attacks — www.bleepingcomputer.com — 07.05.2026 18:20