Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Details
CVSS v3
7.2
NVD published
2026-05-07 16:16:23
CISA date
2026-05-07
EPSS
5.0% probability · 89.8th percentile — 2026-05-11
Affected versions
All unpatched versions of Ivanti Endpoint Manager Mobile (EPMM)
Summary
This vulnerability allows remote authenticated administrative attackers to achieve remote code execution via improper input validation. It is confirmed as known exploited in the wild and listed in CISA KEV. This flaw poses severe risk to enterprise environments running the affected product.
Remediation
Apply the latest official security patches from Ivanti immediately. Follow CISA guidance for prioritizing patching of known exploited vulnerabilities. Restrict unauthenticated access to the affected service if patching cannot be completed immediately.
Exploit info
This exploit has been recorded in <strong>CISA KEV</strong> (CISA Known Exploited Vulnerabilities catalog, dateAdded 2026-05-07). You may check Exploit-DB or GitHub for potential exploit details.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.