Endpoint Manager Mobile
Sign in to watchby Ivanti
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1340 | Cri | 0.84 | 9.8 | 0.71 | KEV | Jan 29, 2026 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. |
| CVE-2026-6973 | Hig | 0.59 | 7.2 | 0.06 | KEV | May 7, 2026 | An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. |
| CVE-2026-5787 | Hig | 0.58 | 8.9 | 0.00 | May 7, 2026 | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates. | |
| CVE-2026-5786 | Hig | 0.57 | 8.8 | 0.00 | May 7, 2026 | An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access. | |
| CVE-2026-7821 | Hig | 0.48 | 7.4 | 0.00 | May 7, 2026 | Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity. | |
| CVE-2026-5788 | Hig | 0.46 | 7.0 | 0.00 | May 7, 2026 | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. |