CVE DATABASE / CVE-2026-5788

CVE-2026-5788

CVSS 7 · HIGH

Summary

An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.

CVSS 3.1 breakdown

Base score	7 (HIGH)
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
Attack vector	NETWORK
Attack complexity	HIGH
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	LOW
Integrity	HIGH
Availability	LOW

Weakness type (CWE)

CWE-284

Affected products

Ivanti endpoint manager mobile

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

Our coverage

CVE-2026-6973: Ivanti EPMM Zero-Day RCE Exploited, CISA Mandates Patch by May 10

References

https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs

Data: NIST NVD. NVD last modified 2026-05-07. Always verify against the vendor advisory before acting.