๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-6973: Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Summary
Ivanti Endpoint Manager Mobile (EPMM) has a vulnerability where it doesn't properly check user input (improper input validation), allowing someone with admin access to run commands remotely on the system (remote code execution). This flaw is currently being exploited by attackers in real-world attacks.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS: 0.0%
Yes
๐ฅ Actively Exploited
May 6, 2026
Classification
Taxonomy References
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-6973
First tracked: May 7, 2026 at 02:00 PM
Classified by LLM (prompt v3) ยท confidence: 95%