Ivanti Warns of Critical EPMM Security Vulnerability

On May 7, 2026, Ivanti issued a warning to its customers regarding a high-severity security vulnerability in the Endpoint Manager Mobile (EPMM) software. This vulnerability allows attackers to perform remote code execution. Reports indicate that this security flaw is already being exploited in active zero-day attacks, increasing the urgency for a patch. The vulnerability has been classified as CVE-2026-12345 and affects multiple versions of the EPMM software.

Ivanti recommends that all users promptly install the latest security updates to protect their systems. The exact number of affected systems is currently unknown; however, widespread deployment of the software in corporate environments is suspected. In the warning, Ivanti emphasizes that attackers can take control of affected devices through this vulnerability. This could lead to significant data loss or further compromises within the corporate infrastructure. The security vulnerability affects both mobile devices and the management systems connected to EPMM.

Ivanti's security researchers have found that the attacks are specifically targeting companies that use EPMM to manage their mobile devices. Attackers are employing sophisticated techniques to exploit the vulnerability, making detection and defense against the attacks more challenging. Companies are advised to review their security protocols and implement additional protective measures. Ivanti has already released an update to address the vulnerability. Users should ensure they are using the latest version of the software to protect against the attacks.

The company has also provided guidance on how to install the patch to ensure system security. The discovery of this vulnerability comes at a time when cyberattacks on companies worldwide are increasing. According to the Cybersecurity & Infrastructure Security Agency (CISA), there was a 30% rise in cyber incidents in 2025 attributed to vulnerabilities in enterprise software. This trend underscores the necessity of implementing security updates in a timely manner. The vulnerability in EPMM is not the first of its kind discovered in recent years.

Similar vulnerabilities in other software solutions have already led to significant security incidents. Experts warn that companies that do not act proactively are at high risk of becoming victims of cyberattacks. Ivanti has announced that further information regarding the vulnerability and the security measures taken will be released in the coming days. Users are encouraged to regularly check Ivanti's official communication channels to stay informed about new developments. The vulnerability is considered one of the most critical in enterprise software for the year 2026.

The CVE-2026-12345 vulnerability could potentially affect thousands of companies worldwide that use EPMM to manage their mobile devices. Ivanti has already collaborated with various security agencies to assess the impact of the vulnerability and take appropriate measures. The security flaw has been rated as highly critical, meaning that companies using EPMM should take immediate action to protect their systems. Ivanti has emphasized that customer security is a top priority and that the company will do everything in its power to support users. The release of the patch is in accordance with industry best practices for security management.

Ivanti recommends that all users carefully follow the instructions for installing the patch to ensure their systems are fully protected. The vulnerability was identified as critical in internal testing and requires immediate attention. The vulnerability was publicly disclosed by Ivanti on May 7, 2026, and the company has already taken steps to inform and assist affected users.