Skip to content
Tech News
← Back to articles

CISA gives feds four days to patch Ivanti flaw exploited as zero-day

2026-05-08 | original
read original get Ivanti Security Patch Kit → more articles
Why This Matters

The urgent alert from CISA highlights the critical need for federal agencies and organizations to promptly patch a high-severity Ivanti vulnerability exploited in zero-day attacks. This underscores the ongoing risks associated with endpoint management software and the importance of rapid security updates to protect sensitive networks from malicious actors.

Key Takeaways

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in zero-day attacks.

Tracked as CVE-2026-6973, this security flaw allows attackers with administrative privileges to execute arbitrary code remotely on systems running EPMM 12.8.0.0 and earlier.

In a Thursday security advisory, Ivanti told customers they can secure their appliances by installing Ivanti EPMM 12.6.1.1, 12.7.0.1, and 12.8.0.1, and advised them to review accounts with Admin rights and rotate those credentials where necessary.

"At the time of disclosure, we are aware of very limited exploitation of CVE-2026-6973, which requires admin authentication for successful exploitation. We are not aware of any customers being exploited by the other vulnerabilities disclosed today," it said.

"The issues only affect the on-prem EPMM product, and are not present in Ivanti Neurons for MDM, Ivanti's cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products."

Nonprofit security organization Shadowserver now tracks over 800 Ivanti EPMM appliances exposed online. However, there is no information on how many have already been patched against the CVE-2026-6973 vulnerability.

Ivanti EPMM appliances exposed online (Shadowserver)

​​​On Thursday, CISA added the security flaw to its list of vulnerabilities exploited in attacks and mandated that federal agencies patch their EPMM systems by midnight Sunday, May 10.

"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA warned.

In late January, Ivanti patched two other critical EPMM security issues (CVE-2026-1281 and CVE-2026-1340) that were exploited in zero-day attacks affecting a "very limited number of customers." On April 8, CISA also gave U.S. government agencies four days to secure their systems against attacks targeting the CVE-2026-1340 flaw.

... continue reading

Explore topics: cisa ivanti epmm cve-2026-6973 shadowserver
Related:
Has CISA Finally Found Its New Leader in Tom Parker?
Ivanti warns of new EPMM flaw exploited in zero-day attacks
Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations
Hackers are still exploiting the cPanel bug to gain control of thousands of websites
Hackers are mass-exploiting the cPanel bug to gain control of thousands of websites

© 2026 GoKawiil

About | Editorial Policy | Contact