Description
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
Published: 2026-05-07
Score: 8.9 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper certificate validation flaw in Ivanti Endpoint Manager Mobile allows a remote unauthenticated attacker to impersonate registered Sentry hosts. By forging the identity of a legitimate host, the attacker can obtain valid client certificates that are signed by trusted Certificate Authorities. The capability to acquire these certificates can enable the attacker to authenticate as the client, tamper with or intercept communication, and potentially gain unauthorized access to managed endpoints.

Affected Systems

The vulnerability affects Ivanti Endpoint Manager Mobile deployments running any of the following versions, all of which predate the fixed releases: 12.6.0.x, 12.6.1.0, 12.7.0.0, 12.7.0.0-x, 12.8.0.0, and any other release prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. These versions do not enforce strict certificate validation when communicating with Sentry hosts.

Risk and Exploitability

With a CVSS score of 8.9, the flaw is rated high severity. Because the attack vector is network-based and requires neither authentication nor user interaction, an attacker can target any exposed Endpoint Manager Mobile instance that accepts Sentry host connections. No EPSS data is available and the vulnerability is not listed in CISA KEV, but the absence of a vendor fix does not reduce the likelihood of exploitation; it leaves the exposure open. An attacker exploits the weakness by initiating a connection as a legitimate Sentry host and capturing or issuing client certificates that the endpoint trusts.

Generated by OpenCVE AI on May 7, 2026 at 17:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Ivanti Endpoint Manager Mobile to 12.6.1.1, 12.7.0.1, or 12.8.0.1 (or a later release), which incorporate the certificate validation fix.
  • Re-configure any custom or non-trusted Sentry hosts to use only certificates issued by known and validated Certificate Authorities, and enforce comparison of the presented certificate chain against the expected CA root.
  • If an immediate patch is unavailable, restrict network access to the Endpoint Manager Mobile instance so that only authorized Sentry hosts may connect, using firewall rules or host-based controls to block unknown or untrusted hosts.

Advisories

No advisories yet.

History

Thu, 07 May 2026 17:45:00 +0000

Type | Values Removed | Values Added
Title | | Certificate Validation Flaw Enables Impersonation of Sentry Hosts in Ivanti Endpoint Manager Mobile

Thu, 07 May 2026 17:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 07 May 2026 16:15:00 +0000

Type | Values Removed | Values Added
Description | | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
Weaknesses | | CWE-295
References | |
Metrics | | cvssV3_1
{'score': 8.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2026-05-07T16:16:19.406Z

Reserved: 2026-04-08T11:39:12.989Z

Link: CVE-2026-5787

Vulnrichment

Updated: 2026-05-07T16:16:14.848Z

NVD

Status: Received

Published: 2026-05-07T16:16:22.620

Modified: 2026-05-07T16:16:22.620

Link: CVE-2026-5787

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T17:30:25Z

Weaknesses