VYPR
High severity8.9NVD Advisory· Published May 7, 2026· Updated May 7, 2026

CVE-2026-5787

CVE-2026-5787

Description

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

Affected products

4
  • cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*range: <12.6.1.1
    • cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ivanti:endpoint_manager_mobile:12.8.0.0:*:*:*:*:*:*:*
  • Ivanti/EPMMllm-create
    Range: < 12.6.1.1, < 12.7.0.1, < 12.8.0.1

Patches

Vulnerability mechanics

References

1

News mentions

4