Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-5788: Ivanti EPMM versions 12.6.1 and earlier allow unauthorized access
CVE-2026-5788
Summary
A security issue in older Ivanti EPMM versions lets an attacker access sensitive features without permission. This could allow them to manipulate the system in unintended ways. Update to version 12.6.1.1 or later to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| ivanti | endpoint_manager_mobile |
< 12.6.1.1 12.7.0.0 12.8.0.0 cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:* |
Original title
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
Original description
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
nvd CVSS3.1
7.0
Vulnerability type
CWE-284
Improper Access Control
Published: 7 May 2026 · Updated: 28 May 2026 · First seen: 7 May 2026