CVE-2026-5787 - Vulnerability Analysis
High
CVSS: 8.9
Last Updated: May 7, 2026
Ivanti EPMM - Authentication Bypass
Published: May 7, 2026
Updated: May 7, 2026
Remote Exploitable
Overview
Ivanti EPMM versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1 contain an improper certificate validation vulnerability caused by insufficient validation of Sentry hosts. Remote unauthenticated attackers can impersonate hosts and obtain valid CA-signed client certificates. Exploitation requires network access.
Severity & Score
Severity: High
CVSS Score: 8.9
Impact
Remote attackers can impersonate registered hosts and obtain valid client certificates, enabling unauthorized access and potential data compromise.
Mitigation
Upgrade to versions 12.6.1.1, 12.7.0.1, 12.8.0.1 or later.
Details
- CVE ID: CVE-2026-5787
- Severity: High
- CVSS Score: 8.9
- Type: broken_authentication
- Status: unconfirmed
CWE
- CWE-295
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L