Description
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
Published: 2026-05-07
Score: 7.2 High
EPSS: 20.2% Moderate
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper input validation flaw exists in Ivanti Endpoint Manager Mobile versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. A remotely authenticated administrative user can use this flaw to achieve remote code execution. This vulnerability is linked to CWE‑20.

Affected Systems

Ivanti Endpoint Manager Mobile deployments running versions 12.6.1.0, 12.7.0.0, or 12.8.0.0 are vulnerable when remote administrative access is enabled.

Risk and Exploitability

The CVSS score of 7.2 classifies the issue as high severity, and the EPSS score of 20% indicates a moderate probability of exploitation. The vulnerability is listed in the CISA KEV catalog, highlighting its active exploitation or high threat perception. Exploitation requires valid administrative credentials, meaning the attacker must first compromise or obtain those credentials, after which remote code execution can be achieved from any remote context.

Generated by OpenCVE AI on June 16, 2026 at 13:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Ivanti Endpoint Manager Mobile to a fixed release (version 12.6.1.1 or later, 12.7.0.1 or later, or 12.8.0.1 or later).
  • If a patch cannot be applied immediately, disable or tightly restrict remote administrative access to prevent authenticated exploitation.
  • Enforce multi‑factor authentication for all administrative accounts to reduce the risk of credential compromise.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Ivanti Endpoint Manager Mobile Allows Remote Code Execution for Authenticated Administrators

Fri, 12 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Ivanti Endpoint Manager Mobile Enables Remote Code Execution

Thu, 11 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Ivanti Endpoint Manager Mobile Enables Remote Code Execution

Thu, 11 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:endpoint_manager_mobile:12.9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager_mobile:12.8.0.0:*:*:*:*:*:*:*

Thu, 11 Jun 2026 17:30:00 +0000


Thu, 11 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description A configuration control vulnerability in the Ivanti Endpoint Manager Mobile before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to inject arbitrary Apache directives, leading to remote code execution. An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
Weaknesses CWE-20
References

Tue, 09 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager_mobile:12.8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager_mobile:12.9.0.0:*:*:*:*:*:*:*

Tue, 09 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Ivanti Endpoint Manager Mobile Enables Remote Code Execution for Admins

Tue, 09 Jun 2026 16:30:00 +0000


Tue, 09 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Description An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. A configuration control vulnerability in the Ivanti Endpoint Manager Mobile before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to inject arbitrary Apache directives, leading to remote code execution.
Weaknesses CWE-15
References

Fri, 22 May 2026 15:45:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Ivanti Endpoint Manager Mobile Enables Remote Code Execution for Admins

Fri, 08 May 2026 15:00:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Improper Input Validation in Ivanti Endpoint Manager Mobile Pre‑12.6.1.1 Releases

Thu, 07 May 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager_mobile:12.8.0.0:*:*:*:*:*:*:*

Thu, 07 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Improper Input Validation in Ivanti Endpoint Manager Mobile Pre‑12.6.1.1 Releases
First Time appeared Ivanti
Ivanti endpoint Manager Mobile
Vendors & Products Ivanti
Ivanti endpoint Manager Mobile

Thu, 07 May 2026 17:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 07 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-05-07T00:00:00+00:00', 'dueDate': '2026-05-10T00:00:00+00:00'}


Thu, 07 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2026-06-11T16:17:26.449Z

Reserved: 2026-04-24T17:57:36.236Z

Link: CVE-2026-6973

Vulnrichment

Updated: 2026-05-07T16:15:28.014Z

NVD

Status: Analyzed

Published: 2026-05-07T16:16:23.163

Modified: 2026-06-11T17:54:41.607

Link: CVE-2026-6973

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T13:15:05Z

Weaknesses
  • CWE-20

    Improper Input Validation