Ivanti Endpoint Manager Mobile
17 CVEs affecting Ivanti Endpoint Manager Mobile. Latest disclosed: 2026-05-07. Critical: 3, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-35078 | Critical | 10.0 | 2023-07-25 | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without prop… |
CVE-2026-1340 | Critical | 9.8 | 2026-01-29 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. |
CVE-2026-1281 | Critical | 9.8 | 2026-01-29 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. |
CVE-2026-5787 | High | 8.9 | 2026-05-07 | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate regi… |
CVE-2026-5786 | High | 8.8 | 2026-05-07 | An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain adminis… |
CVE-2024-7612 | High | 8.8 | 2024-10-08 | Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. |
CVE-2026-7821 | High | 7.4 | 2026-05-07 | Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device bel… |
CVE-2026-6973 | High | 7.2 | 2026-05-07 | An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to… |
CVE-2025-10985 | High | 7.2 | 2025-10-14 | OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privil… |
CVE-2025-10243 | High | 7.2 | 2025-10-14 | OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privil… |
CVE-2025-10242 | High | 7.2 | 2025-10-14 | OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privil… |
CVE-2025-6771 | High | 7.2 | 2025-07-08 | OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high p… |
CVE-2025-6770 | High | 7.2 | 2025-07-08 | OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve re… |
CVE-2025-4428 | High | 7.2 | 2025-05-13 | Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute… |
CVE-2026-5788 | High | 7.0 | 2026-05-07 | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. |
CVE-2025-4427 | Medium | 5.3 | 2025-05-13 | An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without prope… |
CVE-2025-10986 | Medium | 4.7 | 2025-10-14 | Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges t… |