Two critical code-injection zero-days in Ivanti Endpoint Manager Mobile (EPMM), CVE-2026-1281 and CVE-2026-1340, allowed unauthenticated attackers to execute arbitrary code and compromise on-premises EPMM appliances, prompting Ivanti to issue emergency RPM mitigations. Exploited systems exposed administrator and user credentials, device identifiers and location data. CISA added CVE-2026-1281 to its Known Exploited Vulnerabilities catalog with a February 1 remediation deadline for federal agencies, so organizations must patch or rebuild affected systems immediately.
Key points
- Two critical code-injection vulnerabilities (CVE-2026-1281 and CVE-2026-1340) allow unauthenticated remote code execution on on-premises Ivanti EPMM.
- Ivanti released RPM mitigation scripts with no downtime required and plans a permanent fix in product release 12.8.0.0.
- Successful exploitation can expose admin and user credentials, device identifiers, installed apps, network details and location data.
- The flaws affect only on-premises EPMM; organizations should review Sentry integration and logs for potential lateral movement.
- CISA added CVE-2026-1281 to its KEV catalog with a February 1 deadline for federal agencies; compromised systems should be restored from known-good backups or rebuilt, and credentials and certificates rotated.
Read More: https://thecyberexpress.com/ivanti-patches-critical-zero-day-flaws-in-epmm/