CVE-2026-10727
Description
An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root.
Overview
- State: PUBLISHED
- Assigner (CNA): ivanti
- CVSS severity: HIGH
- CVSS score: 7.2 / 10
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Effective score: 7.2 / 10 HIGH source: CNA overview
- CWE(s): CWE-78
- Reserved: 2026-06-03
- Published: 2026-06-09 14:30 UTC
- Last updated: 2026-06-10 03:58 UTC
- Source: https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/10xxx/CVE-2026-10727.json
- Linked Threat: CVE-2026-10727 — CVE-2026-10727
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Ivanti | Endpoint Manager Mobile | 12.9.0.1 (unaffected), 12.8.0.3 (unaffected), 12.7.0.2 (unaffected) | — |
Remediations (10)
Remediations are stored against the linked Threat row; the list below is deduplicated across both pages.
- web:cybersecuritynews.com (2026-06-19 02:16 UTC)
  Microsoft has officially acknowledged a critical zero-day vulnerability in Microsoft Defender, publicly dubbed "RoguePlanet," and confirmed it is actively developing a security patch to address the flaw.
- web:portal.msrc.microsoft.com (2026-06-19 02:16 UTC)
  The Security Update Guide provides information on the latest Microsoft security updates, helping users understand and address potential vulnerabilities effectively.
- web:support.microsoft.com (2026-06-19 02:16 UTC)
  This update for Windows 11, version 25H2 and 24H2 (KB5084597) includes security improvements. To learn more about differences between security updates, optional non-security preview updates, out-of-band (OOB) updates, and continuous innovation, see Windows monthly updates explained. For information on Windows update terminology, see the different types of Windows software updates. To view the ...
- web:vulners.com (2026-06-19 02:16 UTC)
  CVE-2026-10727 lets remote authenticated attackers run commands as root on Ivanti EPMM.
- web:www.computerworld.com (2026-06-19 02:16 UTC)
  Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read ...
- web:www.crowdstrike.com (2026-06-19 02:16 UTC)
  Microsoft has released security updates for 130 vulnerabilities, including 30 critical, in its May 2026 Patch Tuesday rollout.
- web:www.malwarebytes.com (2026-06-19 02:16 UTC)
  Microsoft says it's working on a fix for an unpatched Defender vulnerability that can give attackers the highest level of access on Windows.
- web:www.rapid7.com (2026-06-19 02:16 UTC)
  Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday, including an HTTP/2 denial of service vulnerability and an elevation of privilege vulnerability in PowerToys.
- web:www.thehackerwire.com (2026-06-19 02:16 UTC)
  CVE-2026-10727 is a High severity vulnerability (CVSS 7.2). An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary...
- web:zecurit.com (2026-06-19 02:16 UTC)
  Get the complete breakdown of Microsoft's June 2026 Patch Tuesday. We analyze the latest security updates and all critical CVEs.
Vendor references (1)
References embedded in the original CVE record by the assigning CNA.
Raw JSON
The full cvelistV5 record.
```json
{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10727",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T03:58:42.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Endpoint Manager Mobile",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "12.9.0.1"
            },
            {
              "status": "unaffected",
              "version": "12.8.0.3"
            },
            {
              "status": "unaffected",
              "version": "12.7.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root "
            }
          ],
          "value": "An OS command injection vulnerability in Ivanti EPMM before\u00a012.9.0.1, 12.8.0.3 and 12.7.0.2 versions\u00a0allows a remote authenticated attacker to execute arbitrary commands as root"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T14:30:48.455Z",
        "orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "shortName": "ivanti"
      },
      "references": [
        {
          "url": "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-6973-CVE-2026-10727?language=en_US"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
    "assignerShortName": "ivanti",
    "cveId": "CVE-2026-10727",
    "datePublished": "2026-06-09T14:30:48.455Z",
    "dateReserved": "2026-06-03T09:56:16.844Z",
    "dateUpdated": "2026-06-10T03:58:42.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}
```