SB20260507244 - Multiple vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20260507244

SB20260507244 - Multiple vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM)

Published: May 7, 2026

Security Bulletin ID SB20260507244
CSH Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 40% Medium 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 vulnerabilities.


1) Input validation error (CVE-ID: CVE-2026-6973)

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper input validation in Ivanti Endpoint Manager Mobile (EPMM) when processing input. A remote privileged user can send crafted input to execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.


2) Improper access control (CVE-ID: CVE-2026-5786)

The vulnerability allows a remote user to gain administrative access.

The vulnerability exists due to improper access control in Ivanti Endpoint Manager Mobile (EPMM) when handling requests. A remote user can send crafted requests to gain administrative access.


3) Improper Certificate Validation (CVE-ID: CVE-2026-5787)

The vulnerability allows a remote attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

The vulnerability exists due to improper certificate validation in Ivanti Endpoint Manager Mobile (EPMM) when validating certificates. A remote attacker can present crafted certificate material to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.


4) Improper access control (CVE-ID: CVE-2026-5788)

The vulnerability allows a remote attacker to invoke arbitrary methods.

The vulnerability exists due to improper access control in Ivanti Endpoint Manager Mobile (EPMM) when handling requests. A remote attacker can send crafted requests to invoke arbitrary methods.


5) Improper Certificate Validation (CVE-ID: CVE-2026-7821)

The vulnerability allows a remote attacker to enroll a device belonging to a restricted set of unenrolled devices, disclose information about the EPMM appliance, and affect the integrity of the newly enrolled device identity.

The vulnerability exists due to improper certificate validation in Ivanti Endpoint Manager Mobile (EPMM) when processing device enrollment. A remote attacker can submit crafted enrollment material to enroll a device belonging to a restricted set of unenrolled devices, disclose information about the EPMM appliance, and affect the integrity of the newly enrolled device identity.

Only deployments configured to use Apple Device Enrollment are at risk.


Remediation

Install update from vendor's website.

References