Ivanti Releases Fixes for Five High-Severity Vulnerabilities, Including Actively Exploited Zero-Day

Ivanti released fixes for five high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, including CVE-2026-6973, which has been actively exploited as a zero-day. The flaw stems from improper input validation, allowing remote attackers with administrative privileges to execute arbitrary code on vulnerable instances. Ivanti confirmed a "very limited number" of customers were compromised by CVE-2026-6973, as stated in a security advisory published on May 8, 2026. No additional technical details about the attack vector or affected versions were disclosed. The advisory was issued alongside patches for the remaining four vulnerabilities.