CVE DATABASE / CVE-2026-5787

CVE-2026-5787

CVSS 8.9 · HIGH

Summary

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

CVSS 3.1 breakdown

Base score	8.9 (HIGH)
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
Attack vector	NETWORK
Attack complexity	HIGH
Privileges required	NONE
User interaction	NONE
Scope	CHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	LOW

Weakness type (CWE)

CWE-295

Affected products

Ivanti endpoint manager mobile

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

Our coverage

CVE-2026-6973: Ivanti EPMM Zero-Day RCE Exploited, CISA Mandates Patch by May 10

References

https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs

Data: NIST NVD. NVD last modified 2026-05-07. Always verify against the vendor advisory before acting.