CVE-2026-7821
Received Received - Intake
Improper Certificate Validation in Ivanti EPMM

Publication date: 2026-05-07

Last updated on: 2026-05-07

Assigner: ivanti

Description
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-07
Last Modified
2026-05-07
Generated
2026-05-07
AI Q&A
2026-05-07
EPSS Evaluated
N/A
NVD
CVE-2026-7821
EUVD
EUVD-2026-28397
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ivanti epmm to 12.8.0.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an improper certificate validation issue in Ivanti EPMM versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows a remote unauthenticated attacker to enroll a device that belongs to a restricted set of unenrolled devices.

Because of this improper validation, the attacker can gain information about the EPMM appliance and affect the integrity of the newly enrolled device's identity.


How can this vulnerability impact me? :

The vulnerability can lead to information disclosure about the EPMM appliance.

It also impacts the integrity of the identity of newly enrolled devices, potentially allowing unauthorized devices to be enrolled.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart