Two enterprise security vulnerabilities moved forward this week. Ivanti Endpoint Manager Mobile carries CVE-2026-6973, a high-severity RCE flaw with a CISA Known Exploited Vulnerabilities Catalog due date of May 10. Palo Alto Networks confirmed that threat actors attempted but failed to exploit CVE-2026-0300, a critical buffer overflow in PAN-OS's User-ID Authentication Portal, as early as April 9. PAN-OS fixes are scheduled to begin May 13.
What's confirmed and what isn't matters here. CISA's KEV listing for the Ivanti CVE means there is documented exploitation in the wild, not just proof-of-concept research. Federal agencies under BOD 22-01 have until the due date to remediate or implement mitigations; private organizations subject to CISA guidance use the same date as a defensible baseline. The Palo Alto situation is different — the vendor's language is "attempted to unsuccessfully exploit," which means probes were detected but no compromises confirmed. That distinction is doing real work: an attempted exploit on April 9 doesn't necessarily mean compromise three weeks before disclosure, but it does mean the vulnerability was known to at least one threat actor before vendor disclosure. Patch posture should treat both as imminent regardless.
If you run Ivanti EPMM, the May 10 KEV deadline has passed; verify your mitigation status this week. If you run PAN-OS, plan the May 13+ patch window now — your maintenance team will be busy that week regardless.
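The distinction drawn above (a KEV due date that binds remediation versus vendor-confirmed attempts that do not yet appear in the catalogue) is the kind of thing worth encoding in a triage script rather than tracking by hand. The following is an added example, not code from the original post or from CISA: it parses a small excerpt shaped like CISA's known_exploited_vulnerabilities.json feed (the field names match the real feed, but both entries, their dateAdded values, the hostnames and the second CVE are constructed placeholders), matches entries to an asset inventory by vendor and product, and reports how many days each matched asset has before its due date, or how far past it is. Assets with no KEV match, such as the PAN-OS firewall here, are flagged separately so they are not mistaken for "nothing to do."

```python
"""Triage an asset inventory against a CISA KEV catalogue excerpt by due date.

Added example. The JSON below follows the real feed's field names but every
entry, date and hostname is a constructed placeholder, not live KEV data.
"""
import json
from datetime import date

# Constructed excerpt in the shape of known_exploited_vulnerabilities.json.
# The Ivanti entry takes its CVE ID and due date from the post; dateAdded and
# the second entry are made up so the matching logic has a non-hit to skip.
KEV_JSON = """{
  "count": 2,
  "vulnerabilities": [
    {"cveID": "CVE-2026-6973", "vendorProject": "Ivanti",
     "product": "Endpoint Manager Mobile", "dateAdded": "2026-04-19",
     "requiredAction": "Apply mitigations per vendor instructions.",
     "dueDate": "2026-05-10"},
    {"cveID": "CVE-2026-99999", "vendorProject": "Example Corp",
     "product": "Example Gateway", "dateAdded": "2026-05-11",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2026-06-01"}
  ]
}"""

# Constructed inventory: one EPMM server and one PAN-OS firewall. The
# vendor/product strings are what the triage keys on.
INVENTORY = [
    {"asset": "mdm-01.example.internal", "vendorProject": "Ivanti",
     "product": "Endpoint Manager Mobile"},
    {"asset": "fw-edge-01.example.internal", "vendorProject": "Palo Alto Networks",
     "product": "PAN-OS"},
]


def _norm(s: str) -> str:
    """Case- and whitespace-insensitive key so minor naming drift still matches."""
    return " ".join(s.lower().split())


def load_kev(text: str) -> dict:
    """Index KEV entries by (vendor, product) so inventory lookups are O(1)."""
    index: dict = {}
    for entry in json.loads(text)["vulnerabilities"]:
        key = (_norm(entry["vendorProject"]), _norm(entry["product"]))
        index.setdefault(key, []).append(entry)
    return index


def triage(kev_text: str, inventory: list, today: date) -> list:
    """Return one finding per (asset, KEV entry), or one 'no KEV entry' finding.

    days is negative once the due date has passed. Assets with no catalogue
    match still need tracking against the vendor's own advisory; they are
    reported rather than silently dropped.
    """
    index = load_kev(kev_text)
    findings = []
    for item in inventory:
        key = (_norm(item["vendorProject"]), _norm(item["product"]))
        hits = index.get(key, [])
        if not hits:
            findings.append({"asset": item["asset"], "cve": None, "days": None,
                             "status": "no KEV entry; track vendor advisory"})
            continue
        for entry in hits:
            days = (date.fromisoformat(entry["dueDate"]) - today).days
            if days < 0:
                status = "OVERDUE"
            elif days <= 7:
                status = "due this week"
            else:
                status = "scheduled"
            findings.append({"asset": item["asset"], "cve": entry["cveID"],
                             "days": days, "status": status,
                             "action": entry["requiredAction"]})
    return findings


if __name__ == "__main__":
    # Run as of a constructed date two days after the Ivanti due date.
    for f in triage(KEV_JSON, INVENTORY, date(2026, 5, 12)):
        print(f"{f['asset']:28} {f['cve'] or '-':16} {f['status']}"
              + (f" ({f['days']:+d} days)" if f["days"] is not None else ""))
```

Run against a real feed, the same function takes the downloaded catalogue text and a full CMDB export; the only part you would change is the inventory source.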