- 116/2026
- High
Ivanti has released a security update to fix multiple vulnerabilities across Ivanti Endpoint Manager Mobile (EPMM) versions 12.8.0.0 and prior.
The addressed vulnerabilities could allow the attacker to gain administrative access, impersonate registered Sentry hosts and obtain valid CA-signed client certificates, execute arbitrary code, or obtain sensitive information from the affected system.
Sample of the addressed vulnerabilities:
1. Ivanti Endpoint Manager Mobile (EPMM) Improper Access Control Vulnerability (CVE-2026-5786):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability (CVE-2026-6973):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Remote Code Execution
It should be highlighted that Ivanti is aware that the zero-day vulnerability “CVE- 2026-6973” is now being exploited in the wild.
Vulnerabilities
- CVE-2026-5786
- CVE-2026-5787
- CVE-2026-5788
- CVE-2026-6973
- CVE-2026-7821
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.