Ivanti Discloses Two Critical EPMM Vulnerabilities with Active Exploitation
Ivanti has revealed two critical vulnerabilities in its Endpoint Manager Mobile (EPMM) software, tracked as CVE-2026-1281 and CVE-2026-1340, both carrying a CVSS score of 9.8. The flaws stem from code injection issues and enable unauthenticated remote code execution (RCE) with no user interaction or additional privileges required, only network access.
The vulnerabilities affect multiple EPMM versions, including 12.5.0.0, 12.6.0.0, 12.7.0.0, 12.5.1.0, and 12.6.1.0, but do not impact other Ivanti products, such as Ivanti Neurons for MDM or Ivanti Endpoint Manager (EPM). Cloud-based deployments with Sentry integration remain unaffected.
Ivanti has confirmed active exploitation in a limited number of customer environments, underscoring the urgency of remediation. The company has released version-specific RPM patches for affected deployments, which can be applied without downtime. However, the patches do not persist through upgrades, requiring reinstallation after version changes.
A permanent fix will be included in EPMM 12.8.0.0, scheduled for release in Q1 2026. For heightened security, Ivanti recommends rebuilding the EPMM appliance and migrating data, avoiding the need for device re-enrollment.
Organizations are advised to prioritize patching due to the low attack complexity, unauthenticated access, and confirmed exploitation. Early adoption of EPMM 12.8.0.0 is encouraged to eliminate recurring patch reapplications.
Source: https://gbhackers.com/ivanti-endpoint-manager-vulnerability/
Ivanti cybersecurity rating report: https://www.rankiteo.com/company/ivanti
"id": "IVA1769791658",
"linkid": "ivanti",
"type": "Vulnerability",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Limited number of customer '
                                              'environments',
                        'industry': 'Cybersecurity/Software',
                        'name': 'Ivanti',
                        'type': 'Company'}],
 'attack_vector': 'Network',
 'description': 'Ivanti has revealed two critical vulnerabilities in its '
                'Endpoint Manager Mobile (EPMM) software, tracked as '
                'CVE-2026-1281 and CVE-2026-1340, both carrying a CVSS score '
                'of 9.8. The flaws stem from code injection issues and enable '
                'unauthenticated remote code execution (RCE) with no user '
                'interaction or additional privileges required, only network '
                'access. The vulnerabilities affect multiple EPMM versions, '
                'and Ivanti has confirmed active exploitation in a limited '
                'number of customer environments.',
 'impact': {'systems_affected': 'Ivanti Endpoint Manager Mobile (EPMM)'},
 'post_incident_analysis': {'corrective_actions': 'Release of version-specific '
                                                  'patches and permanent fix '
                                                  'in EPMM 12.8.0.0',
                            'root_causes': 'Code injection vulnerabilities in '
                                           'EPMM software'},
 'recommendations': 'Prioritize patching due to low attack complexity and '
                    'confirmed exploitation; early adoption of EPMM 12.8.0.0 '
                    'encouraged to avoid recurring patch reapplications.',
 'references': [{'source': 'Ivanti Security Advisory'}],
 'response': {'containment_measures': 'Version-specific RPM patches released '
                                      'for affected deployments',
              'recovery_measures': 'Rebuilding the EPMM appliance and '
                                   'migrating data recommended',
              'remediation_measures': 'Patches can be applied without '
                                      'downtime; permanent fix in EPMM '
                                      '12.8.0.0 (Q1 2026)'},
 'title': 'Ivanti Discloses Two Critical EPMM Vulnerabilities with Active '
          'Exploitation',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['CVE-2026-1281', 'CVE-2026-1340']}