A critical vulnerability, identified as CVE-2026-6973, has been discovered in Ivanti Endpoint Manager Mobile (EPMM), potentially allowing authenticated attackers to execute remote code by injecting malicious Apache configuration directives. This flaw carries a CVSS score of 7.2 and is classified under CWE-15 (Improper Control of Generation of Code). Affected versions include 12.9.0, 12.8.0.2, 12.7.0.1, and earlier releases.
According to Ivanti’s security advisory, the vulnerability stems from inadequate handling of configuration inputs within the application. An attacker with sufficient privileges can exploit this weakness to inject arbitrary Apache directives into the server configuration, altering how the web server processes requests and enabling remote code execution.
The attack requires no user interaction and can be executed over the network, posing a significant threat in enterprise environments where EPMM is widely used to manage mobile devices and enforce security policies. Exploitation could lead to the deployment of web shells, execution of malicious scripts, or further infiltration into internal networks.
Ivanti has addressed this vulnerability in the following patched versions: 12.9.0.1, 12.8.0.3, and 12.7.0.2. Organizations running vulnerable versions are strongly urged to upgrade immediately to mitigate potential risks.
At the time of disclosure, Ivanti stated there is no evidence of active exploitation in the wild. However, proactive patching is essential, as attackers may gain authenticated access through phishing, credential theft, or other initial access techniques. Security teams should also review access controls and audit privileged accounts, as the vulnerability requires authentication. Monitoring for unusual configuration changes or unexpected Apache behavior may help detect potential exploitation attempts.
This vulnerability underscores the risks associated with configuration injection flaws in enterprise management platforms. As attackers increasingly target management infrastructure to maximize impact, timely updates and strict access control are crucial to reducing the attack surface. Ivanti customers are advised to apply patches immediately and follow official guidance to secure their deployments against potential threats.
Source: Cyber Security News
