The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to secure Ivanti Endpoint Manager Mobile (EPMM) systems against CVE-2026-6973. This high-severity vulnerability allows attackers with administrative credentials to execute arbitrary code remotely. It has already been observed in limited zero-day exploits.
Ivanti has released security updates for versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 to address the flaw. Organizations are advised to rotate administrative credentials and audit accounts, as previous zero-day activity in the same product line suggests a high risk of continued targeting. Shadowserver currently identifies over 800 exposed appliances worldwide.