CVE-2026-6973 – Ivanti Endpoint Manager
“When mobile endpoints are exposed, attackers gain a direct line into the enterprise.”
The latest Ivanti Endpoint Manager Mobile patch addresses a high-severity vulnerability that could allow attackers to compromise managed mobile devices and potentially pivot into enterprise systems. The issue affects how the platform handles certain requests, creating a pathway for unauthorized access or manipulation of device management functions.
CVE-2026-6973 has a CVSS score of 7.2, which is High severity.
Active exploitation has been observed in the wild, increasing the urgency of this patch. Organizations using Endpoint Manager Mobile are at heightened risk, as attackers may already be targeting exposed systems to gain control over mobile endpoints and associated enterprise data.
Key Details
- Affected Product
- Ivanti Endpoint Manager Mobile
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- High
- User Interaction
- None
- CWE Classification
- CWE-20