CVE DATABASE / CVE-2026-7821

CVE-2026-7821

CVSS 7.4 · HIGH

Summary

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.

CVSS 3.1 breakdown

Base score	7.4 (HIGH)
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack vector	NETWORK
Attack complexity	HIGH
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	NONE

Weakness type (CWE)

CWE-295

Affected products

Ivanti endpoint manager mobile

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

Our coverage

CVE-2026-6973: Ivanti EPMM Zero-Day RCE Exploited, CISA Mandates Patch by May 10

References

https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US

Data: NIST NVD. NVD last modified 2026-05-07. Always verify against the vendor advisory before acting.