PT-2026-38454 · Ivanti · Epmm

Published

2026-05-07

Updated

2026-06-07

CVE-2026-5787

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.1.1 Ivanti EPMM versions prior to 12.7.0.1 Ivanti EPMM versions prior to 12.8.0.1

Description Improper Certificate Validation allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

Recommendations Update to version 12.6.1.1 or later. Update to version 12.7.0.1 or later. Update to version 12.8.0.1 or later.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2026-5787

Affected Products

Epmm

PT-2026-38454 · Ivanti · Epmm

CVE-2026-5787

Weakness Enumeration

Related Identifiers

Affected Products

References · 12