Ivanti released May 2026 security updates for Endpoint Manager Mobile to fix five vulnerabilities, including CVE-2026-6973, a zero-day that was exploited in targeted attacks. The company warned that a small number of customers were affected and noted the flaw may have been chained with earlier issues, including CVE-2026-1281 and CVE-2026-1340, while CISA added CVE-2026-6973 to its KEV catalog. #Ivanti #CVE-2026-6973 #CVE-2026-1281 #CVE-2026-1340 #CISA
Keypoints
- Ivanti patched five vulnerabilities in Endpoint Manager Mobile.
- CVE-2026-6973 is a high-severity zero-day used in targeted attacks.
- The flaw can let an authenticated admin achieve remote code execution.
- Ivanti said prior credential rotation can reduce risk from related exploits.
- CISA added CVE-2026-6973 to its Known Exploited Vulnerabilities catalog.
Read More: https://www.securityweek.com/ivanti-patches-epmm-zero-day-exploited-in-targeted-attacks/