CVE-2026-5787

High

Published: 07 May 2026

Published

07 May 2026

Modified

07 May 2026

KEV Added

—

Patch

—

CVSS Score 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

EPSS Score 0.0004 13.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SA-19 Component Authenticity

addresses: CWE-295

When certificates are used to establish component provenance, the control requires correct certificate validation procedures.

SC-17 Public Key Infrastructure Certificates

addresses: CWE-295

Mandates approved trust anchors and issuance policies, directly preventing acceptance of unvalidated or untrusted certificates.

SC-45 System Time Synchronization

addresses: CWE-295

Correct system time is required for proper enforcement of certificate notBefore/notAfter dates and time-based revocation checks.

Security SummaryAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-295

Affected Products

ivanti

endpoint manager mobile

12.7.0.0, 12.8.0.0 · ≤ 12.6.1.1

References

https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs
Vendor Advisory, Patch · 3c1d8aa1-5a33-4ea4-8992-aadd6440af75