Two security vulnerabilities threaten Ivanti Endpoint Manager Mobile, as reported by Heise. The flaws, tracked as CVE-2026-6973 and CVE-2026-10727, are both rated ‘high’ severity. They allow remote, but already authenticated, attackers to inject and execute malicious code on systems. In the second case, attackers can even issue commands with root privileges.
Ivanti developers have fixed the security issues in versions 12.9.0.1, 12.8.0.3, and 12.7.0.2. Administrators should install the updates immediately. According to Ivanti, no attacks exploiting these vulnerabilities have been documented so far. However, security flaws in Ivanti EPMM have repeatedly been targeted by cybercriminals in the past.
Source: www.heise.de
