Post Date: 2026/05/13
【Vulnerability Alert】Two Critical Security Vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM)
- Subject: 【Vulnerability Alert】Two Critical Security Vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM)
- Description:
- Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert: TWCERTCC-200-202605-00000004
- Ivanti Endpoint Manager Mobile (EPMM) is a mobile device management solution that centrally manages iOS, Android, macOS, and Windows devices. Recently, Ivanti released an announcement regarding critical security vulnerabilities.
- 【CVE-2026-5786, CVSS: 8.8】 This is an improper access control vulnerability that allows an authenticated remote attacker to obtain administrative access privileges.
- 【CVE-2026-5787, CVSS: 8.9】 This is an improper certificate validation vulnerability that allows an unauthenticated remote attacker to impersonate a registered Sentry host and obtain a valid CA-signed client certificate.
- Affected Platforms:
- Ivanti Endpoint Manager Mobile versions 12.8.0.0 (inclusive) and earlier
- Recommended Actions:
- Apply patches according to the solutions released on the official website: https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US
- Reference Materials:
Computer and Communication Center
Network Systems Division
