CVE-2026-5787 PUBLISHED

Assigner: ivanti
Reserved: 08.04.2026 Published: 07.05.2026 Updated: 08.05.2026

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
CVSS Score: 8.9

Product Status

Vendor Ivanti
Product Endpoint Manager Mobile
Versions Default: affected
  • Version 12.8.0.1 is unaffected
  • Version 12.7.0.1 is unaffected
  • Version 12.6.1.1 is unaffected

References

Problem Types

  • CWE-295 Improper certificate validation CWE

Impacts

  • CAPEC-196 Session Credential Falsification through Forging