CVE DATABASE / CVE-2026-5786

CVE-2026-5786

CVSS 8.8 · HIGH

Summary

An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.

CVSS 3.1 breakdown

Base score	8.8 (HIGH)
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector	NETWORK
Attack complexity	LOW
Privileges required	LOW
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Weakness type (CWE)

CWE-284

Affected products

Ivanti endpoint manager mobile

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

Our coverage

CVE-2026-6973: Ivanti EPMM Zero-Day RCE Exploited, CISA Mandates Patch by May 10

References

https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs

Data: NIST NVD. NVD last modified 2026-05-07. Always verify against the vendor advisory before acting.