Home · Live brief · Daily brief 2026-05-08
CVE-2026-6973 — Ivanti EPMM admin API improper input validation → RCE (CVSS 7.2, CISA KEV deadline 2026-05-10)
notable vulnerability discovered 2026-05-08 05:00 UTC single-source
Part of run 2026-05-08-migrated (intel · unknown)
An authenticated administrative user can pass crafted input to an EPMM REST API endpoint, triggering OS-level code execution at the service account privilege level (CWE-20). Standalone, this requires admin credentials; chained after CVE-2026-5787 it is fully pre-auth. CISA KEV deadline: 2026-05-10. EU internet-exposed on-prem instances: approx. 508 (Censys/Shodan). Fixed in 12.6.1.1, 12.7.0.1, 12.8.0.1.
“An authenticated administrative user can pass crafted input to an EPMM REST API endpoint, triggering OS-level code execution at the service account privilege level (CWE-20).” — ctipilot v2 brief (migrated)