Ivanti has disclosed active exploitation of CVE-2026-6973, a zero-day in Endpoint Manager Mobile that lets authenticated administrators execute remote code, and has released patches for five related vulnerabilities. The issue adds to a long pattern of attacks against Ivanti products, following earlier exploited flaws that affected nearly 100 victims, including the Dutch Data Protection Authority and the Council for the Judiciary. #Ivanti #CVE-2026-6973 #CVE-2026-1281 #CVE-2026-1340
Keypoints
- Ivanti customers are again being targeted through a zero-day in Endpoint Manager Mobile.
- CVE-2026-6973 allows remote code execution with authenticated administrative access.
- Ivanti released patches for five vulnerabilities, including four additional high-severity flaws.
- CISA quickly added CVE-2026-6973 to its known exploited vulnerabilities catalog.
- Ivanti EPMM has a repeated history of exploitation, including earlier flaws that hit nearly 100 victims.
Read More: https://cyberscoop.com/ivanti-epmm-zero-day-vulnerability-exploited/