HomeCVE Intelligence › CVE-2026-6973
CVSS 8.0 HIGH 🔴 ACTIVELY EXPLOITED Vulnerability

CVE-2026-6973: Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improp…

8.0CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-6973
VendorThe Hacker News
Affected ProductThreat Intelligence
Vulnerability TypeVulnerability
CVSS Score8.0 (HIGH)
Actively Exploited✅ Yes
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via thehackernews)

🔬 Technical Analysis

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows "a remotely authenticated user with administrative access to achieve remote code

🎯 Known Indicators of Compromise

{"type":"ipv4","value":"12.6.1.1","confidence_score":0.88,"first_seen":"2026-05-07","source_count":1} {"type":"ipv4","value":"12.7.0.1","confidence_score":0.88,"first_seen":"2026-05-07","source_count":1} {"type":"ipv4","value":"12.8.0.1","confidence_score":0.88,"first_seen":"2026-05-07","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-6973 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence