CVE-2026-6973 is an OS command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows authenticated administrators to achieve remote code execution. EPMM is typically deployed as an internet-facing mobile device management server, making this a direct network exploitation risk.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-05-07
Added to CISA KEV: 2026-05-07 0 DAY BETWEEN CVE AND KEV
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.How to use the KEV ... ... CISA’s catalogue of known exploited vulnerabilities (KEV). ... Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu." Apply updates per vendor instructions. ... EXTERNAL Known Exploited Vulnerabilities Catalog KEV Catalog Return to top Topics Spotlight Resources & Tools News & Events Careers About Cybersecurity & Infrastructure Security Agency
CISA adds the reported actively exploited vulnerabilities to the KEV catalog, provided they meet BOD 22-01 requirements. Exploited vulnerabilities CISA uncovers through incident response efforts are also added to the KEV catalog. CISA analysts perform daily open-source searches for vulnerabilities.How quickly does CISA update the KEV catalog after a new in-scope vulnerability is identified? CISA updates the KEV catalog within 24 hours of known exploitation evidence. There is an older CVE being added to the KEV catalog. Is CISA seeing an active exploitation for it?
A detailed list of Known Exploited Vulnerabilities. Available as CSV and JSON files.
Learn about the importance of CISA's Known Exploited Vulnerability (KEV) catalog and how to use it to help build a collective resilience across the cybersecurity community.
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.