High severity7.0NVD Advisory· Published May 7, 2026· Updated May 7, 2026
CVE-2026-5788
CVE-2026-5788
Description
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
Affected products
3cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*range: <12.6.1.1
- cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager_mobile:12.8.0.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
1News mentions
4- Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)Help Net Security · May 8, 2026
- Ivanti Patches EPMM Zero-Day Exploited in Targeted AttacksSecurityWeek · May 8, 2026
- Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level AccessThe Hacker News · May 7, 2026
- Ivanti warns of new EPMM flaw exploited in zero-day attacksBleepingComputer · May 7, 2026