What is the CVSS score of CVE-2026-10727?

CVE-2026-10727 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Ivanti EPMM are affected by CVE-2026-10727?

A command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) allows authenticated administrators with high privileges to execute arbitrary OS commands as root on underlying servers,…

How to fix or mitigate CVE-2026-10727?

Within 24 hours: Identify all EPMM installations and confirm affected versions (prior to 12.9.0.1, 12.8.0.3, or 12.7.0.2); enforce multi-factor authentication on all administrator accounts; audit current administrator privilege assignments. Within 7 days: Deploy privileged access management (PAM) with comprehensive session recording and alerting for all EPMM administrative activities; segment EPMM systems from production networks at firewall level; establish continuous monitoring of administrative command execution. Within 30 days: Evaluate and execute upgrades to version 12.9.0.1 (12.9.x line), 12.8.0.3 (12.8.x line), or 12.7.0.2 (12.7.x line) or later; complete forensic review of historical administrator activity logs for evidence of unauthorized command execution.

Ivanti EPMM CVE-2026-10727

EUVD-2026-35444 HIGH

OS Command Injection (CWE-78)

2026-06-09 ivanti

GHSA-5fgm-7c83-qg5j

Ivanti Command Injection

7.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.2 HIGH

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 09, 2026 - 15:46 vuln.today

DescriptionCVE.org

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root

Articles & Coverage 1

News 3 New Ivanti Vulnerabilities - 2 Critical, 1 High Severity Jun 10, 2026

AnalysisAI

Command injection in Ivanti Endpoint Manager Mobile (EPMM) versions prior to 12.9.0.1, 12.8.0.3, and 12.7.0.2 enables an authenticated administrator with high privileges to execute arbitrary OS commands as root on the underlying server. No public exploit identified at time of analysis, and the issue is not currently listed on the CISA KEV catalog, but Ivanti EPMM has a history of being a high-value target for nation-state actors which elevates real-world urgency. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain EPMM admin credentials

Delivery

Authenticate to management interface

Exploit

Send crafted request with shell metacharacters

Execution

Trigger OS command injection

Persist

Execute arbitrary commands as root

Impact

Exfiltrate MDM data and pivot

Access

Obtain EPMM admin credentials

Delivery

Authenticate to management interface

Exploit

Send crafted request with shell metacharacters

Execution

Trigger OS command injection

Persist

Execute arbitrary commands as root

Impact

Exfiltrate MDM data and pivot

Vulnerability AssessmentAI

Exploitation	Exploitation requires authenticated access to the Ivanti EPMM management interface with high administrative privileges (CVSS PR:H), no user interaction, and network reachability to the EPMM server (AV:N, AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) reflects network reach with low complexity and no user interaction but requires high privileges, which is the dominant risk-limiting factor. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker who has obtained or compromised a high-privilege EPMM administrator credential - for example, through phishing, credential reuse, or chaining with a separate authentication bypass - sends a crafted request to a vulnerable EPMM endpoint that injects shell metacharacters into a parameter passed to an OS command. The injected command executes as root on the EPMM appliance, giving the attacker full control of the device management server, its enrolled-device data, and any stored MDM secrets. …
Remediation	Apply the vendor-released patches by upgrading Ivanti EPMM to 12.9.0.1, 12.8.0.3, or 12.7.0.2 (matching your current maintenance branch) per the Ivanti advisory at https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-6973-CVE-2026-10727. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all EPMM installations and confirm affected versions (prior to 12.9.0.1, 12.8.0.3, or 12.7.0.2); enforce multi-factor authentication on all administrator accounts; audit current administrator privilege assignments. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-10727 vulnerability details – vuln.today

Back

Ivanti EPMM CVE-2026-10727

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Articles & Coverage 1

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code