Ivanti has released a significant security update for its Endpoint Manager Mobile (EPMM) product, addressing multiple vulnerabilities, including a critical zero-day flaw. This update, announced on Thursday, is part of Ivanti’s May 2026 security patch release.
Details of the Zero-Day Vulnerability
The primary concern is the CVE-2026-6973 vulnerability, a high-severity issue related to improper input validation. This flaw can be exploited by attackers with admin privileges to execute remote code. Ivanti acknowledged that this vulnerability has been used in limited targeted attacks.
Despite the targeted nature of these attacks, Ivanti has stressed the importance of adhering to their security recommendations. In January, the company advised customers to rotate credentials if they were affected by CVE-2026-1281 and CVE-2026-1340, which could mitigate the risk posed by the new zero-day vulnerability.
Potential Threats and Exploitation
There is speculation that CVE-2026-6973 might be used in conjunction with CVE-2026-1281 and CVE-2026-1340, both of which enable unauthenticated remote code execution. This combination could allow attackers to take over the targeted mobile device management infrastructure fully.
Although details about the attackers exploiting CVE-2026-6973 remain scarce, it is often suggested that Chinese threat actors are behind such sophisticated zero-day attacks on Ivanti products.
Security Responses and Future Outlook
The Cybersecurity and Infrastructure Security Agency (CISA) has responded by adding CVE-2026-6973 to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are urged to address this vulnerability by May 10. The KEV list now includes 34 vulnerabilities related to Ivanti products.
In addition to the zero-day flaw, Ivanti’s latest updates also patched other vulnerabilities, identified as CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821, which could lead to privilege escalation and information disclosure. Ivanti has confirmed these have not been exploited in the wild.
As the cybersecurity landscape continues to evolve, organizations using Ivanti products are encouraged to stay informed about updates and implement patches promptly to protect their systems against emerging threats.
