Main Vulnerability Database Vulnerabilities #VU130638

Input validation error in Endpoint Manager Mobile (formerly MobileIron Core) - CVE-2026-6973

Published: May 7, 2026

Vulnerability identifier: #VU130638

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2026-6973

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Endpoint Manager Mobile (formerly MobileIron Core)

Software vendor:
Ivanti

Description

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper input validation in Ivanti Endpoint Manager Mobile (EPMM) when processing input. A remote privileged user can send crafted input to execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install security update from vendor's website.

External links

https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US

Input validation error in Endpoint Manager Mobile (formerly MobileIron Core) - CVE-2026-6973

Description

Remediation

External links

Please verify you're human