Meta News

CISA gives federal agencies four days to patch Ivanti flaw

Summary: CISA has given U.S. federal agencies a four-day deadline to patch a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited as a zero-day.

CISA gives federal agencies only four days to fix Ivanti flaw exploited as zero-day

The U.S. cybersecurity agency CISA issued an urgent order for federal agencies to patch a critical vulnerability in Ivanti products that is already being actively exploited as a zero-day.

The flaw, identified as CVE-2026-6973, affects Ivanti Endpoint Manager Mobile (EPMM), a platform used for managing enterprise mobile devices. According to Ivanti, the problem allows remote code execution to attackers who already possess administrative privileges over the target system.

What is happening

The CISA directive requires U.S. federal agencies to secure their systems within only four days, reflecting the severity of the risk and the possibility of ongoing attacks.

Ivanti confirmed that the vulnerability is being exploited “to a limited extent” in real attacks and published security updates to correct the problem in several product branches.

The corrected versions are:

  • 12.6.1.1
  • 12.7.0.1
  • 12.8.0.1

The company also recommended reviewing all accounts with administrative privileges and rotating credentials as an additional measure of protection.

Affected products

The issue affects only on-premise installations of Ivanti EPMM. According to the company, other products are not affected, including:

  • Ivanti Neurons for MDM
  • Ivanti EPM
  • Ivanti Sentry
Over 800 systems exposed on the Internet

The Shadowserver Foundation organization detected over 800 exposed instances of Ivanti EPMM accessible from the Internet. However, there is still no public information on how many have already been patched.

Ivanti continues under pressure for zero-day vulnerabilities

This new incident adds to a long series of security issues that have affected Ivanti in recent years. As recently as January, the company corrected two other critical vulnerabilities in EPMM that were also exploited as zero-days.

Furthermore, CISA has cataloged numerous Ivanti vulnerabilities as “actively exploited,” several of which have been used by ransomware groups and state-sponsored espionage actors.

Recommendations for administrators

Experts recommend acting immediately:

  • Apply the patches published by Ivanti.
  • Review suspicious administrative access.
  • Rotate privileged credentials.
  • Limit public exposure of EPMM servers.
  • Monitor for unusual activity and authentication logs.

The speed of the order issued by CISA demonstrates that the authorities consider this vulnerability an active and priority threat to government and corporate infrastructures.

Key facts

  • Vulnerability: CVE-2026-6973
  • Affected product: Ivanti Endpoint Manager Mobile (EPMM)
  • Patching deadline: Four days (until May 10)
  • Risk: Remote execution of arbitrary code

Why it matters

This incident highlights the persistent risk faced by government agencies from critical vulnerabilities in third-party software. Failure to meet patching deadlines could leave federal networks exposed to sophisticated zero-day attacks that compromise national security.

X profile@BleepinComputerhttps://twitter.com/BleepinComputer
Embedded content for: CISA gives federal agencies four days to patch Ivanti flaw
Tags:
CISA Ivanti ciberseguridad zero-day CVE-2026-6973

Structured details

  • Industry: cybersecurity
  • Source type: media
  • Claim status: confirmed
  • Verification: claimed_by_source
  • Entities: CISA, Ivanti, CVE-2026-6973, U.S. Cybersecurity and Infrastructure Security Agency

Source: https://www.bleepingcomputer.com/news/security/cisa-gives-feds-four-days-to-patch-ivanti-flaw-exploited-as-zero-day/

Published on