CISA has ordered U.S. federal agencies to patch an actively exploited zero-day in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-6973, within four days due to the risk of remote code execution on exposed systems. Ivanti says the issue affects only on-prem EPMM and has released fixed versions, while urging customers to review admin accounts and rotate credentials where needed. #CVE-2026-6973 #IvantiEPMM #CISA
Keypoints
- CISA added CVE-2026-6973 to its exploited-in-the-wild list.
- The flaw can let authenticated admins execute arbitrary code remotely.
- Ivanti released patched EPMM versions 12.6.1.1, 12.7.0.1, and 12.8.0.1.
- The vulnerability affects only on-prem EPMM, not Ivanti Neurons for MDM or other Ivanti products.
- CISA gave federal agencies until midnight Sunday, May 10 to patch their systems.