Ivanti Warns of Critical Security Vulnerability in EPMM

Ivanti has identified a new security vulnerability in its Endpoint Manager Mobile (EPMM) software, which is already being exploited in limited attacks. The vulnerability, identified as CVE-2026-6973, has a high severity rating of 7.2 on the CVSS scale. All versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 are affected. The security flaw results from improper input validation, allowing a remotely authenticated user with administrative access to execute remote code. This could enable attackers to gain full control over affected systems, posing significant risks to businesses.

Ivanti has already taken steps to identify the affected versions and warn users. The company recommends updating to the latest versions to mitigate the vulnerability. The affected versions are widely used in many enterprise environments, increasing the urgency of the situation. The attacks exploiting this vulnerability have so far been focused on a limited number of targets. However, security experts advise that systems be checked immediately and security measures be implemented to prevent potential attacks.

The possibility that this vulnerability could be exploited on a larger scale exists. The security flaw was discovered in recent weeks and is part of a series of vulnerabilities that frequently arise in the software industry. Ivanti has emphasized that the security of its products is a top priority and that the company is continuously working to improve its security measures. The IT security community has already responded to the announcement, recommending that systems be regularly patched and security policies reviewed. Companies should ensure that their security software is up to date to defend against such attacks.

The CVE-2026-6973 vulnerability could potentially affect thousands of companies that use EPMM to manage their mobile devices. Ivanti has not released specific information about the number of affected systems; however, the prevalence of the software in enterprise environments is well known. Security updates for the affected versions are expected to be provided in the coming weeks. Ivanti has announced that users will be informed of the exact timelines as soon as they are established. A swift response to such security vulnerabilities is crucial to ensure the integrity of systems.

The discovery of this vulnerability underscores the need for companies to implement proactive security strategies. IT departments should conduct regular training to raise awareness of security risks and ensure that all employees are informed about the latest threats. The vulnerability was officially disclosed by Ivanti on May 12, 2026, and the security community is closely monitoring the situation to track potential developments.