PT-2026-38456 · Ivanti · Epmm

Published: 2026-05-07 · Updated: 2026-06-25 · CVE-2026-6973

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ivanti Endpoint Manager Mobile versions prior to 12.7.0.2
Ivanti Endpoint Manager Mobile versions prior to 12.8.0.3
Ivanti Endpoint Manager Mobile versions prior to 12.9.0.1

Description

A configuration control issue caused by improper input validation allows a remote authenticated attacker with administrator access to inject arbitrary Apache directives. This can lead to remote code execution on the system. The issue has been actively exploited in the wild, with over 850 servers reported as reachable from the internet. Successful exploitation may put employee payroll records, device credentials, and sensitive files at risk.

Recommendations

Update to version 12.6.1.1 or higher.
Update to version 12.7.0.1 or higher.
Update to version 12.8.0.1 or higher.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2026-06623
CVE-2026-6973

Affected Products

Epmm