Home · Live brief · Daily brief 2026-05-08
CVE-2026-5787 — Ivanti EPMM improper certificate validation (pre-auth Sentry impersonation, CVSS 9.1)
Part of run 2026-05-08-migrated (intel · unknown)
EPMM's internal PKI issues CA-signed certificates to registered Sentry gateway hosts upon verified registration. CVE-2026-5787 (CWE-295) is a failure in that verification: an attacker submits a crafted registration request and EPMM issues a valid CA-signed certificate without confirming prior registration. The certificate carries Sentry-level trust and satisfies EPMM's administrative authentication gate, enabling the CVE-2026-6973 chain. No workaround fully mitigates CVE-2026-5787 in isolation; patching is required. Affected: all on-prem EPMM < 12.6.1.1 / 12.7.0.1 / 12.8.0.1.
“EPMM's internal PKI issues CA-signed certificates to registered Sentry gateway hosts upon verified registration.” — ctipilot v2 brief (migrated)