CVE-2026-10727

Summary

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root

Affected Software

VendorProductVersion RangeStatus
IvantiEndpoint Manager Mobile12.9.0.1unaffected
IvantiEndpoint Manager Mobile12.8.0.3unaffected
IvantiEndpoint Manager Mobile12.7.0.2unaffected

Weaknesses

  • CWE-78: CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References