CVE-2026-6973 in Ivanti EPMM: RCE — update immediately

Colleagues, please note: a critical vulnerability was found in Ivanti EPMM.
Ivanti confirmed CVE-2026-6973: an authenticated administrator can achieve remote code execution (RCE). Patches are available for 12.6.1.1, 12.7.0.1 and 12.8.0.1; limited exploitation observed. CISA added the flaw to KEV — federal agencies must update by 10 May 2026. Four additional defects fixed (access control, certificate validation). Affects on‑prem EPMM only; Ivanti cloud services are not impacted. I recommend verifying versions, applying patches and rotating credentials as needed.
Why this matters: exploitation grants admin privileges and raises compromise risk.
What steps have you taken?
#cybersecurity #vulnerabilities #Ivanti


Latest comments
No comments yet.