Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.
Quick answer
Ivanti Endpoint Manager Mobile (EPMM) should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- 12.7.0.0
- 12.8.0.0
Fixed versions
- Apply the latest vendor-supported patched version.
How to fix it
CVE-2026-6973 affects Ivanti Endpoint Manager Mobile and can let a remotely authenticated administrator achieve remote code execution. Update EPMM to 12.6.1.1, 12.7.0.1, 12.8.0.1, or a later fixed release for the deployed branch. Because exploitation requires administrative access, also review admin accounts, integrations, and audit logs for misuse.
- Identify all Ivanti EPMM appliances and record the installed major and maintenance release.
- Upgrade to 12.6.1.1, 12.7.0.1, 12.8.0.1, or a later vendor-fixed release for the deployed branch.
- Restrict administrative access to trusted management networks and enforce MFA for administrator accounts.
- Review EPMM administrator accounts, roles, API integrations, and service credentials for unexpected changes.
- Rotate administrative credentials and integration tokens if the appliance was exposed to untrusted administrators.
- Review appliance logs for suspicious admin actions, command execution, uploaded packages, or configuration changes.
- Back up configuration before updating and confirm mobile device enrollment flows continue to operate after patching.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm the EPMM appliance reports a fixed version: 12.6.1.1, 12.7.0.1, 12.8.0.1, or later.
- Verify administrative interfaces are reachable only from trusted networks.
- Confirm MFA and least-privilege admin roles are enforced.
- Review audit logs for unauthorized administrative actions during the exposure window.
- Run a Fixnx scan against public-facing EPMM endpoints after access restrictions and updates.
Related categories
Trusted references
FAQ
What is affected by CVE-2026-6973?
Ivanti Endpoint Manager Mobile (EPMM) should be checked against the vendor advisory and trusted references linked on this page.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
Why can this risk appear in multiple categories?
A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.
