The U.S. Cybersecurity and Infrastructure Safety Company (CISA) has given U.S. federal companies 4 days to protected their networks in opposition to a high-severity vulnerability in Ivanti Endpoint Supervisor Cell (EPMM) that has been exploited in zero-day assaults.
Tracked as CVE-2026-6973, this safety flaw permits attackers with administrative privileges to execute arbitrary code remotely on methods working EPMM 12.8.0.0 and previous.
In a Thursday safety advisory, Ivanti informed shoppers they may be able to protected their home equipment by means of putting in Ivanti EPMM 12.6.1.1, 12.7.0.1, and 12.8.0.1, and prompt them to study accounts with Admin rights and rotate the ones credentials the place vital.
“On the time of disclosure, we’re conscious about very restricted exploitation of CVE-2026-6973, which calls for admin authentication for a hit exploitation. We aren’t conscious about any shoppers being exploited by means of the opposite vulnerabilities disclosed as of late,” it stated.
“The problems best have an effect on the on-prem EPMM product, and aren’t found in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint control answer, Ivanti EPM (a in a similar fashion named, however other product), Ivanti Sentry, or every other Ivanti merchandise.”
Nonprofit safety group Shadowserver now tracks over 800 Ivanti EPMM home equipment uncovered on-line. Then again, there’s no data on what number of have already been patched in opposition to the CVE-2026-6973 vulnerability.
.png "CISA offers feds 4 days to patch Ivanti flaw exploited as zero-day")
On Thursday, CISA added the safety flaw to its listing of vulnerabilities exploited in assaults and mandated that federal companies patch their EPMM methods by means of nighttime Sunday, Would possibly 10.
“This sort of vulnerability is a widespread assault vector for malicious cyber actors and poses vital dangers to the federal undertaking,” CISA warned.
In past due January, Ivanti patched two different important EPMM safety problems (CVE-2026-1281 and CVE-2026-1340) that have been exploited in zero-day assaults affecting a “very restricted choice of shoppers.” On April 8, CISA additionally gave U.S. executive companies 4 days to protected their methods in opposition to assaults focused on the CVE-2026-1340 flaw.
“If shoppers adopted Ivanti’s advice in January to rotate credentials when you have been exploited with CVE-2026-1281 and CVE-2026-1340, then your chance of exploitation from CVE-2026-6973 is considerably decreased,” the corporate famous on Thursday.
Ivanti supplies IT asset control answers to over 40,000 shoppers international, supported by means of an intensive community of over 7,000 companions.
AI chained 4 zero-days into one exploit that bypassed each renderer and OS sandboxes. A wave of recent exploits is coming.
On the Self reliant Validation Summit (Would possibly 12 & 14), see how self reliant, context-rich validation unearths what is exploitable, proves controls dangle, and closes the remediation loop.
Declare Your Spot
