The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Ivanti Endpoint Manager Mobile to its catalog of known exploited vulnerabilities, citing active exploitation in the wild. The flaw allows improper input validation and poses significant risk to federal networks and critical infrastructure; federal agencies are required to remediate by specified deadlines.

Ivanti has warned of a high-severity vulnerability in Endpoint Manager Mobile (CVSS 7.2) that allows authenticated attackers to execute remote code. The flaw, tracked as CVE-2026-6973, affects multiple versions and has already been exploited in limited attacks in the wild, prompting the vendor to urge immediate patching.

Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]

CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]

CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code. The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek .

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. "External control of a file name