Ivanti Warns of New EPMM Zero-Day Vulnerability Under Active Exploitation

Ivanti has disclosed a high-severity remote code execution vulnerability, tracked as CVE-2026-6973, in its Endpoint Manager Mobile (EPMM) product. This flaw is actively being exploited in zero-day attacks against a limited number of customers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, mandating federal agencies to patch by May 10, 2026.

Context

Ivanti's Endpoint Manager Mobile is widely used by organizations to manage mobile devices. The vulnerability, identified as CVE-2026-6973, allows for remote code execution, which can lead to severe security breaches. The U.S. Cybersecurity and Infrastructure Security Agency has recognized the urgency of this issue by including it in its Known Exploited Vulnerabilities catalog.

Why it matters

The disclosure of the EPMM zero-day vulnerability is critical as it poses a significant risk to organizations using Ivanti's software. Active exploitation means that attackers are already taking advantage of this flaw, potentially compromising sensitive data. Prompt action is necessary to mitigate risks and protect systems from unauthorized access.

Implications

If left unaddressed, the vulnerability could lead to data breaches, financial losses, and reputational damage for affected organizations. Federal agencies are mandated to act, which may set a precedent for other sectors to follow. The situation highlights the ongoing challenges of cybersecurity and the need for robust protective measures in software management.

What to watch

Organizations using Ivanti's EPMM should prioritize patching their systems before the May 10, 2026 deadline set by CISA. Monitoring for updates from Ivanti regarding the vulnerability and available patches will be essential. Additionally, observing the response from affected organizations can provide insights into the broader impact of this vulnerability.