Active Exploitation of Ivanti Endpoint Manager Mobile (CVE‑2026‑6973) Added to CISA KEV Catalog
What It Is — Ivanti Endpoint Manager Mobile (EPMM) contains an improper input‑validation flaw (CVE‑2026‑6973) that allows an attacker to inject crafted data and potentially achieve code execution on managed devices.
Exploitability — The vulnerability is confirmed to be actively exploited in the wild; CISA has placed it in the Known Exploited Vulnerabilities (KEV) catalog. No public PoC is required to demonstrate exploitation.
Affected Products — Ivanti Endpoint Manager Mobile (EPMM) – all versions prior to the vendor‑issued patch (see Ivanti advisory).
TPRM Impact — Organizations that rely on Ivanti EPMM for mobile device management inherit the risk of remote compromise, which can cascade to downstream partners, SaaS integrations, and data‑handling pipelines.
Recommended Actions
- Prioritize patching Ivanti EPMM to the latest release that addresses CVE‑2026‑6973.
- Conduct an emergency inventory of all endpoints managed by EPMM and verify patch status.
- Apply compensating controls (network segmentation, application‑allow‑list) until remediation is complete.
- Update vulnerability‑management playbooks to flag KEV entries as high‑priority items.
- Notify third‑party service providers that rely on your managed devices of the remediation timeline.
Source: CISA Advisory – May 07 2026