Actively exploited · CVSS 7.2 · HIGH

CVE-2026-6973

Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.

Analysis

Ivanti Endpoint Manager Mobile (EPMM) is vulnerable to remote code execution (RCE) via improper input validation. CISA has confirmed this vulnerability is being actively exploited in the wild, and administrators should update to versions 12.6.1.1, 12.7.0.1, or 12.8.0.1 immediately.

Severity

Score: 7.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: HIGH
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-20

CISA KEV

Added to KEV: 2026-05-07
Federal due date: 2026-05-10
Known ransomware use: Unknown

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS

No EPSS score yet (very recent CVE).

Affects

ivanti:endpoint_manager_mobile

Technical description

An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.

Published: 7/5/2026, 16:16:23
Last modified: 7/5/2026, 19:18:39
