{"id":243634,"date":"2026-05-07T14:04:00","date_gmt":"2026-05-07T18:04:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/07\/u-s-cisa-adds-a-flaw-in-ivanti-endpoint-manager-mobile-epmm-to-its-known-exploited-vulnerabilities-catalog\/"},"modified":"2026-05-11T09:30:10","modified_gmt":"2026-05-11T13:30:10","slug":"u-s-cisa-adds-a-flaw-in-ivanti-endpoint-manager-mobile-epmm-to-its-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/07\/u-s-cisa-adds-a-flaw-in-ivanti-endpoint-manager-mobile-epmm-to-its-known-exploited-vulnerabilities-catalog\/","title":{"rendered":"U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"

U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog<\/a><\/p>\n

https:\/\/securityaffairs.com\/191822\/security\/u-s-cisa-adds-a-flaw-in-ivanti-endpoint-manager-mobile-epmm-to-its-known-exploited-vulnerabilities-catalog.html<\/a><\/p>\n

Publish Date: 2026-05-07 14:04:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ May 07, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog<\/h2>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added\u00a0a flaw in the Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-6973 (CVSS score of 7.1), to its\u00a0Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n

Ivanti warns customers of a high\u2011severity zero\u2011day vulnerability, tracked as CVE\u20112026\u20116973, in Endpoint Manager Mobile that is already being exploited.<\/p>\n

\u201cAt the time of disclosure, we are aware of very limited exploitation of CVE-2026-6973, which requires admin authentication for successful exploitation.\u201d reads the advisory. \u201cWe are not aware of any customers being exploited by the other vulnerabilities disclosed today.\u201d<\/p>\n

The flaw, caused by improper input validation, allows attackers with admin privileges to execute arbitrary code on systems running EPMM 12.8.0.0 and earlier. Customers are urged to patch immediately to prevent compromise.<\/p>\n

Ivanti EPMM 12.6.1.1, 12.7.0.1, and 12.8.0.1 address the vulnerability. The vulnerability doesn\u2019t affect Ivanti Neurons for MDM, Ivanti\u2019s cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products.<\/p>\n

According to\u00a0Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.<\/p>\n

Experts also recommend that private organizations review the\u00a0Catalog\u00a0and address the vulnerabilities in their infrastructure.<\/p>\n

CISA orders…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited…<\/p>\n","protected":false},"author":1,"featured_media":243635,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-243634","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243634"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=243634"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243634\/revisions"}],"predecessor-version":[{"id":243637,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243634\/revisions\/243637"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/243635"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=243634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=243634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=243634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}