External risk intelligence
Ivanti EPMM could allow an authenticated admin to take control of the server
Ivanti Endpoint Manager Mobile could allow an attacker with stolen administrative credentials to gain full control over the mobile device management infrastructure. This flaw is being actively exploited in the wild, creating a significant risk for organizations with internet-facing management portals.
CVE-2026-6973
Exposure facts
H – Horizon Alert
A security vulnerability has been identified in Ivanti Endpoint Manager Mobile (EPMM) involving an issue with how the software processes input. This flaw could allow an authenticated user with administrative privileges to execute unauthorized code remotely on the system. Because this capability directly affects a management platform, it poses a significant risk of unauthorized control over the system's functions.
A – Asset Exposure
The issue affects Ivanti Endpoint Manager Mobile (EPMM), which is used to manage and secure mobile devices across an organization. If an organization’s administrative credentials are compromised, an attacker could potentially gain unauthorized control over the underlying operational systems. This could impact the broader service availability and the overall integrity of the managed mobile environment.
L – Live Threat
This vulnerability has been officially recognized by CISA in their Known Exploited Vulnerabilities catalog, confirming that it is actively exploited in the wild. This indicates that malicious actors are currently targeting this flaw, representing a verified and significant risk signal. While the available context does not specify proof-of-concept availability or the scope of current campaigns, the inclusion in this registry is a clear indicator of observed, successful attacks.
O – Operational Fix
We have identified a security risk affecting Ivanti Endpoint Manager Mobile (EPMM) that is currently monitored by federal cybersecurity agencies as being actively exploited. Please prioritize reviewing the official Ivanti security advisory to apply the necessary mitigations or updates immediately. If these corrective measures cannot be implemented in your environment, please consider suspending the use of the product until it can be secured.