Critical Ivanti EPMM Vulnerability Exposed: Admin Access at Risk

Ivanti's Endpoint Manager Mobile vulnerability CVE-2026-6973 poses significant security risks, allowing remote code execution for authenticated users.

Ivanti has warned of a critical vulnerability, CVE-2026-6973 (CVSS score 7.2), affecting Endpoint Manager Mobile (EPMM) versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. The flaw is an improper input validation issue that lets a remote authenticated user with administrative access execute arbitrary code, thereby escalating their privileges. Ivanti notes that the vulnerability is being exploited in limited active attacks, so organizations running EPMM should address it promptly.

For businesses utilizing Ivanti’s EPMM, the implications of this vulnerability are severe, as it can lead to unauthorized access and control over mobile devices managed through the platform. Companies are advised to update their EPMM instances to the latest versions to mitigate the risk associated with this flaw. This incident underscores the critical importance of robust cybersecurity measures, particularly in the realm of mobile device management, where vulnerabilities can have widespread repercussions. As organizations increasingly rely on mobile technologies, ensuring the security of these platforms becomes paramount in safeguarding sensitive data and maintaining operational integrity.
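The following is an added example, not code from Ivanti or the original report: a small inventory check that classifies EPMM hosts against the fixed versions named above. It assumes each fixed build applies to its own release branch (so 12.7.0.0 is unfixed even though it is numerically newer than 12.6.1.1); the hostnames, sample versions and function names are constructed for illustration.

```python
import re

# Fixed builds named in the article, keyed by (major, minor) release branch.
# Assumption: each fixed build applies to its own branch, so a host is
# compared against the fix for the branch it is running.
FIXED = {(12, 6): (12, 6, 1, 1), (12, 7): (12, 7, 0, 1), (12, 8): (12, 8, 0, 1)}

def parse_version(text):
    """Return a 4-part integer tuple, or None if no dotted version is found."""
    m = re.match(r"\s*v?(\d+(?:\.\d+){1,3})", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def assess(version_text):
    """Classify one reported version as 'patched', 'vulnerable' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unparseable: check the appliance by hand
    branch = v[:2]
    if branch in FIXED:
        return "patched" if v >= FIXED[branch] else "vulnerable"
    if branch < min(FIXED):
        return "vulnerable"  # older branch: prior to every fixed build
    if branch > max(FIXED):
        return "patched"  # assumption: later branches ship with the fix
    return "unknown"

def triage(inventory):
    """Map each host to its status and list the hosts that are not confirmed patched."""
    status = {host: assess(ver) for host, ver in inventory.items()}
    todo = sorted(h for h, s in status.items() if s != "patched")
    return status, todo

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "epmm-a.example.internal": "12.6.1.1",
    "epmm-b.example.internal": "12.7.0.0",   # newer than 12.6.1.1, still unfixed
    "epmm-c.example.internal": "12.5.0.3",
    "epmm-d.example.internal": "12.8.0.1",
    "epmm-e.example.internal": "not reported",
}

if __name__ == "__main__":
    status, todo = triage(SAMPLE)
    for host in sorted(status):
        print(f"{host:28} {SAMPLE[host]:14} {status[host]}")
    print("needs action:", ", ".join(todo))
```

Hosts reported as `unknown` are listed for follow-up alongside vulnerable ones, since a missing version string is not evidence of a patched appliance.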

---

*Originally reported by [The Hacker News](https://thehackernews.com/2026/05/ivanti-epmm-cve-2026-6973-rce-under.html)*