New Ivanti EPMM 0-Day Vulnerability Actively Exploited in Attacks
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Ivanti has issued a critical security advisory for its Endpoint Manager Mobile (EPMM) product, disclosing multiple actively exploited vulnerabilities, including CVE-2026-6973, and urging all on-premises EPMM customers to apply patches immediately.<\/p>\n
At the time of disclosure, Ivanti confirmed active exploitation of CVE-2026-6973, a vulnerability that requires admin authentication to succeed.<\/p>\n
The flaws exclusively affect the on-premises EPMM product and are not present in Ivanti Neurons for MDM, Ivanti\u2019s cloud-based unified endpoint management solution, Ivanti EPM, Ivanti Sentry, or any other Ivanti products.<\/p>\n
Exploitation activity has been described as \u201cvery limited\u201d at the time of public disclosure, though the company strongly warned that advanced AI models have dramatically collapsed the time-to-exploit window from days to mere hours after a vulnerability becomes public.<\/p>\n
In a notable shift in vulnerability management<\/a> strategy, Ivanti disclosed that it has integrated multiple advanced large language model (LLM) AI systems into its product security and engineering red team processes.<\/p>\n This integration has enhanced the capabilities of its internal security teams to identify and remediate vulnerabilities that traditional static analysis (SAST) and dynamic analysis (DAST) tools typically miss.<\/p>\n Ivanti acknowledged<\/a> that some of the vulnerabilities being disclosed today were discovered directly through this AI-assisted process. The company maintains a \u201chuman in the loop\u201d policy to verify all automated or agentic findings, ensuring responsible use of AI in its security program.<\/p>\n Ivanti\u2019s EPMM has been a recurring target for sophisticated threat actors. CISA has flagged<\/a> at least 31 Ivanti defects on its Known Exploited Vulnerabilities (KEV) catalog since late 2021, and at least 19 defects across Ivanti products have been exploited in the past two years alone.<\/p>\n Previous zero-day campaigns against EPMM include CVE-2025-4427<\/a> and CVE-2025-4428<\/a> in May 2025, and CVE-2023-35078<\/a> and CVE-2023-35082<\/a> in 2023, with some attacks attributed to Chinese state-sponsored threat groups.<\/p>\n The consistent targeting of EPMM underscores the product\u2019s high-value position in enterprise mobile device management infrastructure.<\/p>\n The vulnerabilities disclosed in Ivanti\u2019s May 2026 security advisory<\/a> affect only on-premises EPMM deployments. Organizations running cloud-based Ivanti Neurons for MDM are not impacted.<\/p>\n Ivanti has published detailed remediation instructions through its official Security Advisory, with patch packages that the company says take only seconds to apply and cause no downtime.<\/p>\n Ivanti strongly urges all on-premises EPMM administrators to take immediate action:<\/p>\n Ivanti cautioned that as AI-driven tooling becomes further embedded in its security processes, customers should expect an increase in vulnerability disclosures, a transparency initiative the company frames as a proactive step toward more resilient products rather than a sign of weakening security posture.<\/p>\n Cybercriminals now enter through your suppliers instead of your front door \u2013 Free Webinar<\/a><\/strong><\/p>\n The post New Ivanti EPMM 0-Day Vulnerability Actively Exploited in Attacks<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nMitigations<\/strong><\/h2>\n
\n
\/var\/log\/httpd\/https-access_log<\/code> for signs of attempted or successful exploitation.<\/li>\n