Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

Ivanti has not shared any other information on the attacks involving CVE-2026-6973. However, it’s worth noting thatChinesethreat actors are often believed to be behind zero-day attacks targeting Ivanti product flaws.CISA added CVE-2026-6973to its KEV catalog on Thursday, instructing federal agencies to address it by May 10. CISA’sKEVlist currently includes 34 Ivanti product vulnerabilities.Ivanti pointed out in its advisory that the remaining vulnerabilities patched with the latest EPMM updates do not appear to have been exploited in the wild.These security holes are tracked as CVE-2026-5786, CVE-2026-5787, CVE-2026-5788 and CVE-2026-7821, and they can be exploited for privilege escalation, obtaining client certificates, invoking arbitrary methods, and information disclosure.Related:Two Vulnerabilities Patched in Ivanti Neurons for ITSMRelated:Fortinet, Ivanti, Intel Patch High-Severity VulnerabilitiesRelated:Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025

CISA added CVE-2026-6973to its KEV catalog on Thursday, instructing federal agencies to address it by May 10. CISA’sKEVlist currently includes 34 Ivanti product vulnerabilities.Ivanti pointed out in its advisory that the remaining vulnerabilities patched with the latest EPMM updates do not appear to have been exploited in the wild.These security holes are tracked as CVE-2026-5786, CVE-2026-5787, CVE-2026-5788 and CVE-2026-7821, and they can be exploited for privilege escalation, obtaining client certificates, invoking arbitrary methods, and information disclosure.Related:Two Vulnerabilities Patched in Ivanti Neurons for ITSMRelated:Fortinet, Ivanti, Intel Patch High-Severity VulnerabilitiesRelated:Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025

Ivanti pointed out in its advisory that the remaining vulnerabilities patched with the latest EPMM updates do not appear to have been exploited in the wild.These security holes are tracked as CVE-2026-5786, CVE-2026-5787, CVE-2026-5788 and CVE-2026-7821, and they can be exploited for privilege escalation, obtaining client certificates, invoking arbitrary methods, and information disclosure.Related:Two Vulnerabilities Patched in Ivanti Neurons for ITSMRelated:Fortinet, Ivanti, Intel Patch High-Severity VulnerabilitiesRelated:Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025

These security holes are tracked as CVE-2026-5786, CVE-2026-5787, CVE-2026-5788 and CVE-2026-7821, and they can be exploited for privilege escalation, obtaining client certificates, invoking arbitrary methods, and information disclosure.Related:Two Vulnerabilities Patched in Ivanti Neurons for ITSMRelated:Fortinet, Ivanti, Intel Patch High-Severity VulnerabilitiesRelated:Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025

Related:Two Vulnerabilities Patched in Ivanti Neurons for ITSMRelated:Fortinet, Ivanti, Intel Patch High-Severity VulnerabilitiesRelated:Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025

Related:Fortinet, Ivanti, Intel Patch High-Severity VulnerabilitiesRelated:Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025

Related:Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

In cyber-physical systems (CPS), just one hour of downtime can outweigh an entire annual security budget. Learn how to master the Return on Security Investment (ROSI) to align security goals with the bottom-line priorities.

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Source: SecurityWeek