
CISA Adds Ivanti EPMM CVE-2026-6973 to KEV; Federal Patch Deadline Is Today

  • Deadline
  • Action required
  • High importance

CVE-2026-6973 is an improper input validation vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows a remote, authenticated attacker with administrative access to achieve remote code execution. Affected versions are EPMM releases before 12.6.1.1, 12.7.0.1, and 12.8.0.1. Ivanti has confirmed limited exploitation against customer environments and, at the same time, patched four related flaws, rated CVSS 7.0 to 8.9, covering access control and certificate validation bypass. CISA added CVE-2026-6973 to its Known Exploited Vulnerabilities catalog and set a remediation deadline of May 10, 2026 for FCEB agencies. Ivanti noted that customers who rotated credentials following the earlier CVE-2026-1281 and CVE-2026-1340 disclosures have significantly reduced exploitation risk. Organizations running EPMM should upgrade immediately and audit credential rotation records from prior advisories.
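Because the fix shipped separately on three release branches, comparing a host only against the lowest fixed build misclassifies versions such as 12.7.0.0. The following is an added example, not Ivanti or CISA tooling, that triages a constructed inventory per branch; the host names, the `classify` and `triage` helpers, the strict dotted version format, and the handling of branches newer than 12.8 are assumptions.

```python
import re

# Fixed build per release branch, as listed in the advisory text above.
FIXED_BUILDS = {
    (12, 6): (12, 6, 1, 1),
    (12, 7): (12, 7, 0, 1),
    (12, 8): (12, 8, 0, 1),
}

def parse_version(text):
    """Parse 'A.B[.C[.D]]' into a 4-tuple, padding missing fields with 0."""
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text.strip(), flags=re.ASCII):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in text.strip().split("."))
    return nums + (0,) * (4 - len(nums))

def classify(version_text):
    """Return 'vulnerable', 'patched', 'review' or 'unparsed' for one version."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparsed"          # needs a manual look, never assume safe
    branch = version[:2]
    if branch in FIXED_BUILDS:
        return "patched" if version >= FIXED_BUILDS[branch] else "vulnerable"
    if branch < min(FIXED_BUILDS):
        return "vulnerable"        # older than 12.6: before every fixed build
    # Assumption: branches newer than 12.8 are not named in the text, so flag them.
    return "review"

def triage(inventory):
    """Group host names by status."""
    result = {}
    for host, version_text in inventory.items():
        result.setdefault(classify(version_text), []).append(host)
    return result

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "epmm-a.example.internal": "12.7.0.0",
    "epmm-b.example.internal": "12.6.1.1",
    "epmm-c.example.internal": "12.5.0.4",
    "epmm-d.example.internal": "12.8.0.1",
    "epmm-e.example.internal": "13.0.0.0",
    "epmm-f.example.internal": "unknown",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `review` or `unparsed` need a manual check against the vendor advisory rather than being treated as patched.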