Code Defence Cyber security

CISA adds Ivanti EPMM RCE vulnerability to KEV catalog following targeted abuse

A high-severity remote code execution vulnerability in a mobile device management platform has been added to the federal list of known exploited threats. The flaw is being targeted in refined attacks that leverage credentials likely harvested during prior intrusions, presenting a critical risk to mobile enterprise security.

Tracked as CVE-2026-6973, the vulnerability impacts Ivanti Endpoint Manager Mobile (EPMM). While the exploit requires administrative authentication, CISA added the flaw to the KEV catalog on May 12, citing its use in targeted intrusions. This indicates that threat actors are successfully chaining the RCE with previously stolen or brute-forced administrative rights to achieve full appliance takeover.

The compromise of an MDM platform allows an adversary to push malicious configuration profiles to thousands of employee devices and exfiltrate sensitive mobile data. For organizations, this proves that a patch is only effective if combined with a total reset of administrative trust following a breach.

– Upgrade Ivanti EPMM to the latest security version (12.6.1.1 or higher) immediately.

– Perform a mandatory rotation of all administrative passwords and API keys associated with the MDM infrastructure.

– Monitor for anomalous administrative logins or unauthorized device enrollment requests originating from unknown IP addresses.

– Restrict all MDM management interfaces to authorized internal subnets and enforce phishing-resistant MFA for all administrators.
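
One way to implement the monitoring step above, shown as an added example that is not part of the original post and is not Ivanti's code: it flags administrative logins and enrollment requests from outside the authorized subnets, plus a successful admin login that follows a run of failures. The event schema, field names, subnets, threshold and sample events are all constructed assumptions, not EPMM's log format.

```python
import ipaddress
import json
from collections import defaultdict

# Assumption: the internal subnets allowed to reach the MDM management interface.
AUTHORIZED_SUBNETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.8.0/24")]
FAILED_LOGIN_THRESHOLD = 5  # assumed tuning value

def _event(ts, kind, src, user=None, ok=True):
    return json.dumps({"ts": ts, "type": kind, "src": src, "user": user, "ok": ok})

# Constructed sample events in a hypothetical normalized schema (not EPMM's log format).
SAMPLE_LINES = (
    [_event("2026-01-10T08:01:00Z", "admin_login", "10.20.0.15", "mdm-admin")]
    + [_event(f"2026-01-10T09:00:0{i}Z", "admin_login", "203.0.113.7", "mdm-admin", ok=False)
       for i in range(5)]
    + [_event("2026-01-10T09:00:09Z", "admin_login", "203.0.113.7", "mdm-admin"),
       _event("2026-01-10T09:05:00Z", "device_enroll", "198.51.100.23"),
       _event("2026-01-10T09:06:00Z", "device_enroll", "10.20.8.40")]
)

def is_authorized(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in AUTHORIZED_SUBNETS)

def detect(lines):
    """Return (timestamp, rule, detail) findings for JSON event lines."""
    findings = []
    failures = defaultdict(int)  # consecutive failed admin logins per account
    for line in lines:
        ev = json.loads(line)
        outside = not is_authorized(ev["src"])
        if ev["type"] == "admin_login":
            if not ev["ok"]:
                failures[ev["user"]] += 1
                continue
            # A success right after a run of failures suggests guessed credentials.
            if failures[ev["user"]] >= FAILED_LOGIN_THRESHOLD:
                findings.append((ev["ts"], "success_after_failures", ev["user"]))
            failures[ev["user"]] = 0
            if outside:
                findings.append((ev["ts"], "admin_login_unknown_ip", ev["src"]))
        elif ev["type"] == "device_enroll" and outside:
            findings.append((ev["ts"], "enrollment_unknown_ip", ev["src"]))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LINES):
        print(*finding)
```

Mapping real appliance or SIEM records into this schema is left to the deployment; the rules themselves only depend on the event type, source address, account and outcome.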

Security infrastructure remains a primary target for sophisticated adversaries; defense requires a combination of rapid patching and rigorous identity hygiene. #CodeDefence #Ivanti #MDM #CISA #KEV