CVE-2026-6973

CVSS 7.2 HIGH | EPSS 34.5% | KEV | CWE-20

In short

Ivanti EPMM has a flaw where it doesn't properly check user input, allowing an admin account to run malicious code on the system remotely. This is dangerous because attackers who compromise an admin account gain full control of the server.

Technical detail

CWE-20 (Improper Input Validation) in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 permits remote code execution by a user with authenticated administrative access. The attack requires prior compromise of admin credentials; the impact is unrestricted command execution in the application context.

Summary generated and translated by AI from the official description.
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
