The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies patch a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) within four days, as it has been exploited in zero-day attacks. The vulnerability, tracked as CVE-2026-6973, allows remote code execution and affects specific versions of EPMM, necessitating urgent action to secure networks.
CISA has mandated federal agencies to patch a critical zero-day vulnerability (CVE-2026-6973) in Ivanti Endpoint Manager Mobile within four days, highlighting the urgency of addressing this high-severity flaw that allows remote code execution. For cybersecurity professionals, particularly those managing endpoint security, it's crucial to ensure that Ivanti EPMM systems are updated to versions 12.6.1.1, 12.7.0.1, or 12.8.0.1 and to review and rotate admin credentials to mitigate exploitation risks.