Two enterprise security vulnerabilities advanced this week. Ivanti Endpoint Manager Mobile carries CVE-2026-6973, a high-severity RCE flaw with a CISA Known Exploited Vulnerabilities Catalog due date of May 10. Palo Alto Networks confirmed that threat actors attempted but failed to exploit CVE-2026-0300, a critical buffer overflow in PAN-OS's User-ID Authentication Portal, as early as April 9. PAN-OS fixes are scheduled to begin May 13.
Confirmation status matters here. CISA's KEV listing for the Ivanti CVE confirms exploitation in the wild. Proof-of-concept research alone doesn't get a KEV entry. Federal agencies under BOD 22-01 have until the due date to remediate or implement mitigations. Private organizations subject to CISA guidance use the same date as a defensible baseline. The Palo Alto situation reads differently. The vendor's language is "attempted to unsuccessfully exploit," which means probes were detected but no compromises confirmed. That distinction is doing real work. An attempted exploit on April 9 doesn't necessarily mean a compromise three weeks before disclosure. It does mean the vulnerability was known to at least one threat actor before vendor disclosure. Patch posture should treat both as imminent regardless.
Bottom Line
Ivanti EPMM operators: the May 10 KEV deadline has passed. Verify your mitigation status this week. PAN-OS operators: plan the May 13+ patch window now. Maintenance teams will be busy that week regardless.