# Critical Vulnerabilities Found in Ivanti EPMM Demand Immediate Patching

*Published May 8, 2026*
*Source: [https://cybersecuritynews.com/ivanti-epmm-0-day-exploited/](https://cybersecuritynews.com/ivanti-epmm-0-day-exploited/)*

## Executive Summary

Ivanti has identified critical vulnerabilities in its Endpoint Manager Mobile product that are actively being exploited. Organizations using on-premises EPMM must apply patches immediately to protect against potential attacks.

## Article

Ivanti has released a critical security advisory for its Endpoint Manager Mobile (EPMM) product, highlighting multiple vulnerabilities that are actively being exploited. The most notable of these is CVE-2026-6973, which demands administrator authentication to be exploited. Ivanti is calling on all users of on-premises EPMM to apply the newly released patches without delay to safeguard against potential breaches.

These vulnerabilities are confined to the on-premises version of EPMM and do not affect Ivanti Neurons for MDM, the company's cloud-based solution, or other Ivanti products like Ivanti EPM and Ivanti Sentry. At the time of the announcement, exploitation was reported to be very limited. However, Ivanti has emphasized that the introduction of advanced AI models has significantly decreased the time from vulnerability disclosure to exploitation, shrinking it from days to just hours.

In a significant development, Ivanti has integrated advanced large language model AI systems into its security and engineering processes. This move has enhanced the company's ability to detect and mitigate vulnerabilities that might be missed by traditional static and dynamic analysis tools. Some of the vulnerabilities disclosed were identified through this AI-assisted approach. Ivanti ensures that all AI-generated findings are thoroughly verified by human experts to maintain responsible AI use in their security practices.

Ivanti’s EPMM has been repeatedly targeted by sophisticated threat actors. The Cybersecurity and Infrastructure Security Agency (CISA) has noted at least 31 Ivanti vulnerabilities in its Known Exploited Vulnerabilities catalog since 2021, with numerous exploits attributed to state-sponsored groups. This pattern highlights the high value of EPMM in enterprise mobile device management.

The vulnerabilities disclosed in the latest advisory exclusively affect on-premises EPMM deployments. Organizations using Ivanti’s cloud-based solutions remain unaffected. Ivanti has provided detailed remediation steps through its Security Advisory, assuring that the patch process is quick and does not cause downtime. The company urges all on-premises EPMM administrators to act immediately to protect their systems.
