CISA has issued an urgent directive for U.S. federal agencies to secure Ivanti Endpoint Manager Mobile (EPMM) systems against CVE-2026-6973. This high-severity vulnerability enables remote code execution (RCE) for attackers with administrative privileges. The security flaw is currently being exploited in zero-day attacks, prompting a rapid patching mandate with a deadline of May 10.
Ivanti has released updates for versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 to address the issue. This latest vulnerability follows a series of critical flaws in the EPMM product line targeted by attackers earlier this year. Security organizations report that over 800 appliances remain exposed online, and administrators are advised to rotate credentials and audit accounts with administrative rights.