He was commenting on an advisory issued Thursday by Ivanti about the discovery of five holes in its Endpoint Manager Mobile (EPMM) suite. Updates for all are available.
The flaws are serious enough that the US Cybersecurity and Infrastructure Security Agency (CISA) added one of the vulnerabilities to its Known Exploited Vulnerabilities Catalog because it’s being actively exploited.
“This isn’t an isolated incident,” Enderle added. “It’s a continuation of the cycle we saw in January, suggesting an underlying architecture struggling to withstand modern threats.”
A “very limited number of customers” have been exploited through one of the vulnerabilities revealed this week, CVE-2026-6973. An improper input validation in EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to perform remote code execution.
