Vulnerability | Bleeping Computer
9.8 — CRITICAL
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview
A high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) has been exploited in zero-day attacks, with CISA mandating federal agencies patch their systems by May 10. The vulnerability allows attackers with administrative privileges to execute arbitrary code remotely on systems running EPMM 12.8.0.0 and earlier.
⚙️ Technical Details
CVEs: CVE-2026-6973, CVE-2026-1281, CVE-2026-1340
Affected Systems: Ivanti Endpoint Manager Mobile
Attack Vectors: NETWORK
💥 Impact Assessment
Severity: CRITICAL
🛡️ Recommended Actions
1. Apply the patch provided by Ivanti (Ivanti EPMM 12.6.1.1, 12.7.0.1, and 12.8.0.1)
2. Review accounts with Admin rights and rotate those credentials where necessary
3. Monitor systems for suspicious activity and implement additional security controls
📦 Affected Products
Ivanti Endpoint Manager Mobile
🔐 NVD Verified Data (VERIFIED)
CVE-2026-6973 (CVSS 7.2 — HIGH)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-20
Affected Products (CPE): Ivanti Endpoint Manager Mobile

CVE-2026-1281 (CVSS 9.8 — CRITICAL)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-94
Affected Products (CPE): Ivanti Endpoint Manager Mobile

CVE-2026-1340 (CVSS 9.8 — CRITICAL)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-94
Affected Products (CPE): Ivanti Endpoint Manager Mobile
This is a curated summary. The complete article is available at Bleeping Computer.
