CVE-2026-7821
📛 CVE Title
CVE-2026-7821
Description
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.
Overview
- State
- PUBLISHED
- Assigner (CNA)
- ivanti
- CVSS severity
- HIGH
- CVSS score
- 7.4 / 10
- CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N- Effective score
- 7.4 / 10 HIGH source: CNA overview
- CWE(s)
-
CWE-295 - Reserved
- 2026-05-04
- Published
- 2026-05-07 17:26 UTC
- Last updated
- 2026-05-07 18:15 UTC
- Source
- https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/7xxx/CVE-2026-7821.json
- Linked Threat
- CVE-2026-7821 — CVE-2026-7821
NVD triage scoring NVD CVE 2.0
Layer NVD adds on top of the CNA's CVE record — published / last-modified timestamps, exploitability / impact subscores, and the FIRST.org EPSS probability that this CVE will be exploited in the wild in the next 30 days.
- NVD published
- 2026-05-07 16:16:23 UTC
- NVD last modified
- 2026-05-07 20:09:25 UTC
- NVD CVSS v3.1
- 7.4 / 10 HIGH source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N- Exploitability subscore
- 2.2 / 10
- Impact subscore
- 5.2 / 10
- EPSS score
- 0.0006 (probability of exploitation in next 30 days)
- EPSS percentile
- 18.32% vs all CVEs — higher = more likely to be exploited, as of 2026-05-24
NVD / KEV / EPSS data refreshed 2026-05-25 06:40 UTC. Re-run the 🛰 Backfill from NVD button above to refresh.
European Union Vulnerability Database ENISA EUVD
ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.
- EUVD ID
-
EUVD-2026-28397 - Assigner
- ivanti
- Published
- May 7, 2026, 3:26:44 PM
- Updated
- May 7, 2026, 4:15:57 PM
- EUVD base score (CVSS 3.1)
-
7.4 / 10
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N - EUVD-reported EPSS
- 0.0600
- Vendors
- Ivanti
- Products
-
Endpoint Manager Mobile (patch: 12.8.0.1)Endpoint Manager Mobile (patch: 12.7.0.1)Endpoint Manager Mobile (patch: 12.6.1.1)
ENISA description: Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Ivanti | Endpoint Manager Mobile |
12.6.1.1 (unaffected),
12.7.0.1 (unaffected),
12.8.0.1 (unaffected)
|
— |
Affected products — CPE 2.3 (3) NVD
NVD's normalized CPE 2.3 matchers, used by vendor tools (vulnerability scanners, asset managers) for automated detection. Compare with the CNA's free-text "Affected products" section above.
cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:*cpe:2.3:a:ivanti:endpoint_manager_mobile:12.8.0.0:*:*:*:*:*:*:*
Remediations (10)
Remediations are stored against the linked Threat row; the list below is deduplicated across both pages.
-
web:cybersecuritynews.com
Microsoft released its March 2026 Patch Tuesday security update on March 10, 2026 , addressing 78 vulnerabilities across Windows, Microsoft Office, Azure, SQL Server, and .NET. The update includes one actively exploited zero-day vulnerability and multiple Critical-rated flaws demanding immediate attention from security teams. The most urgent fix this month is CVE - 2026 -21262, the sole zero-day ...
2026-05-22 17:37 UTC -
web:nvd.nist.gov
An official website of the United States government Here's how you know
2026-05-22 17:37 UTC -
web:portal.msrc.microsoft.com
The Security Update Guide provides information on the latest Microsoft security updates, helping users understand and address potential vulnerabilities effectively.
2026-05-22 17:37 UTC -
web:securityboulevard.com
Cybersecurity vulnerabilities pose significant risks to organizations in today's digital landscape. Left unaddressed, these vulnerabilities can lead to data breaches, financial losses, and reputational damage. Organizations must decide how to tackle vulnerabilities—through remediation , mitigation , or a combination of both. But which strategy is more effective? This blog explores the ...
2026-05-22 17:37 UTC -
web:www.bastazo.com
In the field of vulnerability management, remediation , workaround, and mitigation are three common terms used to describe methods of addressing a vulnerability. They are sometimes used interchangeably, but their meanings can vary slightly across different vendors and organizations.
2026-05-22 17:37 UTC -
web:www.bugcrowd.com
Vulnerability mitigation is typically considered a temporary or interim solution. While mitigation measures can reduce the immediate risk associated with vulnerabilities, they may not provide a permanent fix . Organizations should aim to prioritize and plan for complete vulnerability remediation whenever feasible and allocate resources accordingly.
2026-05-22 17:37 UTC -
web:www.cisa.gov
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
2026-05-22 17:37 UTC -
web:www.oracle.com
This Critical Patch Update contains 481 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at April 2026 Critical Patch Update: Executive Summary and Analysis.
2026-05-22 17:37 UTC -
web:www.secure.com
Learn the difference between vulnerability remediation and mitigation , and how a risk-based strategy can strengthen your security posture.
2026-05-22 17:37 UTC -
web:zecurit.com
Get the complete breakdown of Microsoft's May 2026 Patch Tuesday. We analyze the latest security updates and all critical CVEs .
2026-05-22 17:37 UTC
Vendor references (1)
References embedded in the original CVE record by the assigning CNA.
MITRE references (1) cveawg.mitre.org
Pulled from MITRE's CVE Services API by the 🛰 Backfill from MITRE button.
Web references (7)
DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.
- https://www.securityweek.com/ivanti-patches-epmm-zero-day-exploited-in-targeted-attacks/ tenable:www.securityweek.com
- https://cyberscoop.com/ivanti-epmm-zero-day-vulnerability-exploited/ tenable:cyberscoop.com
- https://nvd.nist.gov/vuln/detail/CVE-2026-7821 tenable:nvd.nist.gov
- https://thehackernews.com/2026/05/ivanti-epmm-cve-2026-6973-rce-under.html tenable:thehackernews.com
- https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-epmm-flaw-exploited-in-zero-day-attacks/ tenable:www.bleepingcomputer.com
- https://www.cve.org/CVERecord?id=CVE-2026-7821 tenable:www.cve.org
- https://www.first.org/epss/ tenable:www.first.org
NVD-tagged references (1)
Reference list NVD curates from the CNA record, vendor advisories, and third-party reports. The tag chips below are NVD's analyst-assigned categories.
- https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 Vendor AdvisoryPatch
Indicators (3)
IOCs linked to the auto-promoted Threat row.
| Type | Value | VirusTotal | Attached |
|---|---|---|---|
| ipv4 |
12.6.1.1
|
no local data | 2026-05-18 21:18 UTC |
| ipv4 |
12.7.0.1
|
no local data | 2026-05-18 21:18 UTC |
| ipv4 |
12.8.0.1
|
no local data | 2026-05-18 21:18 UTC |
AI Forensic Analysis
Only Available for Registered Users. Sign in to view.
Raw JSON
The full cvelistV5 record. Download as CVE-2026-7821.json.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T16:15:48.501682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T16:15:57.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Endpoint Manager Mobile",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "12.6.1.1"
},
{
"status": "unaffected",
"version": "12.7.0.1"
},
{
"status": "unaffected",
"version": "12.8.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity. "
}
],
"value": "Improper certificate validation in Ivanti EPMM before\u00a0versions 12.6.1.1, 12.7.0.1, and 12.8.0.1\u00a0allows a remote unauthenticated attacker\u00a0to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and\u00a0impacting\u00a0on the integrity of the newly enrolled device identity."
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22: Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper certificate validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:26:44.176Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2026-7821",
"datePublished": "2026-05-07T15:26:44.176Z",
"dateReserved": "2026-05-04T21:33:06.975Z",
"dateUpdated": "2026-05-07T16:15:57.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}