Improper Certificate Validation in Endpoint Manager Mobile (formerly MobileIron Core) - CVE-2026-7821

 

Published: May 7, 2026


Vulnerability identifier: #VU130639
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-7821
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Ivanti
Affected software:
Endpoint Manager Mobile (formerly MobileIron Core)

Detailed vulnerability description

The vulnerability allows a remote attacker to enroll a device belonging to a restricted set of unenrolled devices, disclose information about the EPMM appliance, and affect the integrity of the newly enrolled device identity.

The vulnerability exists due to improper certificate validation in Ivanti Endpoint Manager Mobile (EPMM) when processing device enrollment. A remote attacker can submit crafted enrollment material to enroll a device belonging to a restricted set of unenrolled devices, disclose information about the EPMM appliance, and affect the integrity of the newly enrolled device identity.

Only deployments configured to use Apple Device Enrollment are at risk.


How to mitigate CVE-2026-7821

Install the security update from the vendor's website.
