Ivanti Neurons for MDM
Ivanti's cloud-hosted MDM product, unaffected by the EPMM CVE-2026-6973 zero-day.
Last refreshed: 8 May 2026
Timeline for Ivanti Neurons for MDM
Ivanti EPMM logs fourth KEV zero-day since 2023
Cybersecurity: Threats and Defences- What is Ivanti Neurons for MDM?
- Ivanti Neurons for MDM is Ivanti's cloud-hosted Mobile Device Management product, providing device enrolment, policy management, and remote wipe for iOS, Android, Windows, and macOS. It is separate from Ivanti's on-premises EPMM (MobileIron) product.
- Is Ivanti Neurons for MDM affected by CVE-2026-6973?
- No. CVE-2026-6973 affects Ivanti Endpoint Manager Mobile (EPMM), the on-premises product. Ivanti confirmed that Ivanti Neurons for MDM, the cloud-hosted product, is not affected.Source:
- What is the difference between Ivanti EPMM and Ivanti Neurons for MDM?
- Ivanti EPMM (formerly MobileIron UEM) is an on-premises MDM server that organisations deploy and manage themselves. Ivanti Neurons for MDM is a cloud-hosted SaaS product managed by Ivanti. They share a heritage but run on separate infrastructure with different vulnerability profiles.
Background
Ivanti Neurons for MDM is Ivanti's cloud-hosted Mobile Device Management product, offered as a Software-as-a-Service (SaaS) platform. It provides unified endpoint management (UEM) capabilities for iOS, Android, Windows, and macOS devices, including device enrolment, configuration policy management, application distribution, compliance enforcement, and remote wipe. The cloud-hosted architecture means the management infrastructure is operated by Ivanti and does not require organisations to run their own server infrastructure.
Ivanti operates two distinct MDM product lines. The on-premises product, Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron UEM), runs on customer-managed servers and has been the subject of multiple high-severity vulnerabilities since 2023, including CVE-2023-35078, CVE-2023-35082, CVE-2024-8963, and now CVE-2026-6973. The cloud-hosted Ivanti Neurons for MDM shares a heritage with the MobileIron Cloud product but runs on entirely separate cloud infrastructure. Vulnerabilities in EPMM do not affect Neurons for MDM and vice versa.
In U#3, CVE-2026-6973 is a critical authentication-bypass vulnerability in Ivanti EPMM (on-premises only) . Ivanti explicitly confirmed that Ivanti Neurons for MDM is not affected. Understanding this split is operationally important for organisations that have migrated from on-premises EPMM to the cloud product and need to confirm their exposure status.