Description
An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root
Published: 2026-06-09
Score: 7.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a classic OS command injection (CWE‑78) that allows a remote authenticated attacker to run arbitrary commands with root privileges on Ivanti Endpoint Manager Mobile servers. By sending specially crafted input, the attacker can supply operating‑system commands that are executed by the system without proper validation, compromising confidentiality, integrity, and availability of the target system.

Affected Systems

Ivanti Endpoint Manager Mobile (EPMM) prior to version 12.9.0.1, 12.8.0.3, and 12.7.0.2 are affected. These releases lack the necessary input sanitization that is required to prevent the injection.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity vulnerability. Because the attack requires authentication, the threat is lessening to users who have legitimate access to the EPMM console; however, compromised credentials or phishing could enable exploitation. The EPSS score is not available, and the vulnerability has not yet been listed in CISA’s Known Exploited Vulnerabilities catalog, so there is no evidence of active exploitation. Proper network segmentation and least‑privilege policies can reduce the likelihood of successful attack, but the potential impact remains significant.

Generated by OpenCVE AI on June 9, 2026 at 16:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ivanti Endpoint Manager Mobile to version 12.9.0.1 or later, which contains the vendor‑issued fix for the injection weakness.
  • If an upgrade cannot be performed immediately, disable or restrict the affected functionality, or limit network access to authenticated users who need it, to reduce the attack surface.
  • Implement strict monitoring of command‑execution logs for anomalies, and enforce strong authentication and least‑privilege principles to help detect and mitigate potential exploitation.

Generated by OpenCVE AI on June 9, 2026 at 16:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti endpoint Manager Mobile
Vendors & Products Ivanti
Ivanti endpoint Manager Mobile

Tue, 09 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Remote Authenticated OS Command Injection in Ivanti Endpoint Manager Mobile Allowing Root Execution

Tue, 09 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Description An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ivanti Endpoint Manager Mobile
cve-icon MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2026-06-09T15:34:13.137Z

Reserved: 2026-06-03T09:56:16.844Z

Link: CVE-2026-10727

cve-icon Vulnrichment

Updated: 2026-06-09T15:34:07.799Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T16:16:35.950

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-10727

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T18:30:10Z

Weaknesses