CVE-2026-6973 — Ivanti EPMM admin API improper input validation → RCE (CVSS 7.2, CISA KEV deadline 2026-05-10)
From CTI Daily Brief — 2026-05-08 · published 2026-05-08
An authenticated administrative user can pass crafted input to an EPMM REST API endpoint, triggering OS-level code execution at the service account privilege level (CWE-20). Standalone, this requires admin credentials; chained after CVE-2026-5787 it is fully pre-auth. CISA KEV deadline: 2026-05-10. EU internet-exposed on-prem instances: approx. 508 (Censys/Shodan). Fixed in 12.6.1.1, 12.7.0.1, 12.8.0.1. See § 7 for detailed chain mechanics.
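
A fixed-version triage for an inventory of EPMM hosts, added here as an example and not part of the original brief: it compares each reported version against the three fixed releases listed above. The hostnames, sample versions, status labels and the strict four-part version format are assumptions made for illustration.

```python
import re

# Fixed releases named in the brief, keyed by (major, minor) branch.
FIXED = {(12, 6): (12, 6, 1, 1), (12, 7): (12, 7, 0, 1), (12, 8): (12, 8, 0, 1)}

def parse_version(text):
    """Return a 4-tuple of ints from 'a.b.c.d', or None if the string is malformed."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None

def triage(version_text):
    """Classify one reported EPMM version against the brief's fixed releases."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"       # do not guess; confirm the version on the host
    floor = FIXED.get(v[:2])
    if floor is not None:
        # Same branch as a listed fix: numeric tuple comparison, so 12.6.10.0 > 12.6.9.0.
        return "fixed" if v >= floor else "below-fix"
    if v[:2] < min(FIXED):
        return "no-fix-listed"     # older branch: the brief lists no fixed release for it
    return "unlisted-newer"        # newer branch than the brief covers: check the vendor advisory

# Constructed inventory (hostnames and versions are made up for this example).
INVENTORY = {
    "epmm-eu-01.example": "12.6.1.1",
    "epmm-eu-02.example": "12.7.0.0",
    "epmm-eu-03.example": "12.5.0.3",
    "epmm-eu-04.example": "12.8.1.0",
    "epmm-eu-05.example": "12.7-beta",
}

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver) for host, ver in inventory.items()}

def needs_action(inventory):
    """Hosts that are not confirmed at or above a listed fixed release, sorted."""
    return sorted(h for h, s in report(inventory).items() if s != "fixed")

if __name__ == "__main__":
    for host, status in sorted(report(INVENTORY).items()):
        print(f"{host:22} {INVENTORY[host]:10} {status}")
```

Anything other than `fixed` is a host to review before the KEV deadline; `unparseable` and `unlisted-newer` mean the brief alone cannot settle the status.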