Ivanti Endpoint Manager Mobile Flaws Allow Root-Level Command Execution

Security researchers have identified two significant vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM) device management software that could pose a serious risk to organizations. The flaws could allow authenticated attackers to gain elevated privileges and execute arbitrary code on compromised systems.

The first vulnerability, designated CVE-2026-6973, allows remote attackers who have already gained initial access and authenticated to the system to execute malicious code. A second, more severe vulnerability, CVE-2026-10727, enables similar authenticated attackers to run commands with full root privileges, the highest level of access on a system.

Ivanti has released security advisories acknowledging these issues and has provided patches for versions 12.9.0.1, 12.8.0.3, and 12.7.0.2 of the EPMM software. Customers are strongly advised to apply these updates promptly to mitigate the risk of exploitation.

This development follows a pattern of increased scrutiny on Ivanti products, with several security incidents reported in recent months. Cybersecurity professionals emphasize the critical need for organizations to maintain up-to-date software and monitor security bulletins to protect against emerging threats.