Vulnerability  ·  2026-05-08

Ivanti EPMM Remote Code Execution Added to CISA KEV Catalog

Vulnerability · High impact · Global · CVE-2026-6973
An improper input validation vulnerability in Ivanti Endpoint Manager Mobile (EPMM) allows a remote, authenticated user with administrative privileges to achieve remote code execution. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on May 7 following confirmed in-the-wild exploitation.
A remote, authenticated attacker with administrative access can exploit the improper input validation to execute arbitrary code. Active exploitation has been observed in the wild, though specific campaigns have not been publicly attributed.
Ivanti Endpoint Manager Mobile (EPMM). Specific affected versions have not yet been disclosed; a vendor advisory with patch details is expected.
Apply mitigations per Ivanti vendor instructions immediately. Federal agencies must remediate by May 10, 2026 per BOD 22-01. Enterprises should follow applicable guidance or discontinue use of the product if mitigations are unavailable. Monitor the Ivanti security advisory hub for the patch release.
Sources
CISA Known Exploited Vulnerabilities Catalog
NVD CVE-2026-6973
Ivanti May 2026 Security Advisory