Endpoint manager mobile

This hub aggregates every CVE we track for Endpoint manager mobile, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Endpoint manager mobile.

• CVE-2026-10727An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root7.2Jun 9, 2026
• CVE-2026-5787An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid C...8.9May 7, 2026
• CVE-2026-5788An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.7.0May 7, 2026
• CVE-2026-7821Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenr...7.4May 7, 2026
• CVE-2026-6973An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.KEV7.2May 7, 2026
• CVE-2026-5786An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.8.8May 7, 2026
• CVE-2026-1340A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.KEV9.8Jan 29, 2026
• CVE-2026-1281A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.KEV9.8Jan 29, 2026
• CVE-2025-10986Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations o...4.7Oct 14, 2025
• CVE-2025-10985OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.7.2Oct 14, 2025
• CVE-2025-10243OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.7.2Oct 14, 2025
• CVE-2025-10242OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.7.2Oct 14, 2025
• CVE-2025-6771OS command injection in Ivanti Endpoint Manager7.2Jul 8, 2025
• CVE-2025-6770OS command injection in Ivanti Endpoint Manager7.2Jul 8, 2025
• CVE-2025-4428Remote Code ExecutionKEV7.2May 13, 2025