🔴 CVE-2026-6973

CVE-2026-6973 is an OS command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows authenticated administrators to achieve remote code execution. EPMM is typically deployed as an internet-facing mobile device management server, making this a direct network exploitation risk.

Risk Level: HIGH_RISK

CVSS Score: 7.2

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2026-05-07

Added to CISA KEV: 2026-05-07 (0 days between CVE and KEV)

🌐 Internet Exposure (Shodan): 661 internet-facing instances

Query: http.title:"MobileIron"

MobileIron was the previous name for Ivanti EPMM before the Ivanti acquisition, and many deployments may still show the legacy branding in web interfaces.

Checked: 2026-06-04

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-05-07)

There is no information available regarding CVE-2026-6973. The provided search results do not contain any details about this specific CVE, its exploitation, or its presence in the CISA Known Exploited Vulnerabilities (KEV) catalog.

CISA maintains the Known Exploited Vulnerabilities (KEV) Catalog as an authoritative source of vulnerabilities that have been exploited in the wild [1][4]. Organizations are advised to use this catalog to prioritize their vulnerability management efforts [1][6]. CISA adds vulnerabilities to the KEV catalog based on evidence of active exploitation [5][7]. The catalog is updated within 24 hours of known exploitation evidence [2]. Information on the KEV catalog is available in CSV and JSON formats [3].

Sources

  1. Known Exploited Vulnerabilities Catalog - CISA

    For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal…

  2. BOD 22-01: Reducing the Significant Risk of Known Exploited... | CISA

    CISA adds the reported actively exploited vulnerabilities to the KEV catalog, provided they meet BOD 22-01 requirements. Exploited vulnerabilities CISA uncovers through incident response efforts are also added to the KEV catalog. CISA analysts perform daily open-source searches for vulnerabilities. H…

  3. The Kev Catalog

    A detailed list of Known Exploited Vulnerabilities. Available as CSV and JSON files.

  4. Reducing the Significant Risk of Known Exploited Vulnerabilities - CISA

    Learn about the importance of CISA's Known Exploited Vulnerability (KEV) catalog and how to use it to help build a collective resilience across the cybersecurity community.

  5. CISA Adds Six Known Exploited Vulnerabilities to Catalog

    CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.