Remote Code Execution via Improper Input Validation in Ivanti EPMM 12.8
CVE-2026-6973 Published on May 7, 2026
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
Known Exploited Vulnerability
This Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.
The following remediation steps are recommended / required by May 10, 2026: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2026-6973 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2026-6973
Want to know whenever a new CVE is published for Ivanti Endpoint Manager Mobile? stack.watch will email you.
Affected Versions
Ivanti Endpoint Manager Mobile:- Version 12.6.1.1 is unaffected.
- Version 12.7.0.1 is unaffected.
- Version 12.8.0.1 is unaffected.