CISA Mandates Urgent Patching for Ivanti EPMM Zero-Day
CISA has mandated that U.S. federal agencies patch the actively exploited Ivanti EPMM zero-day vulnerability, CVE-2026-6973, within four days.
CISA has issued an emergency directive requiring U.S. federal agencies to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) within four days [BleepingComputer]. The vulnerability, tracked as CVE-2026-6973, has been confirmed as a zero-day and is currently being exploited in the wild [Help Net Security].
The flaw stems from improper input validation in the EPMM solution, which allows remote attackers who possess administrative privileges to execute arbitrary code on affected instances [Help Net Security]. While Ivanti reports that the number of customers impacted by this exploitation is currently limited, the potential for unauthorized system control poses a significant risk to organizational security [Help Net Security].
Ivanti has released security updates to address this vulnerability and four other high-severity flaws in the EPMM platform [Help Net Security]. Organizations are urged to apply these patches immediately to mitigate the risk of remote code execution. CISA’s mandate underscores the urgency of the situation for federal entities, and all users should monitor the Ivanti security advisory for further guidance and patch details.