CISA added Ivanti EPMM Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2026-1340)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-1340, a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM), to its Known Exploited Vulnerabilities (KEV) catalog. This flaw allows unauthenticated attackers to achieve remote code execution, posing a severe risk to organizations managing mobile devices. Qualys assigned a Vulnerability Score of 95, indicating active exploitation in the wild. Ivanti has released security updates to address the issue, with a mandatory patching deadline of April 11, 2026. Affected versions include Ivanti EPMM 12.5.0.0, 12.6.0.0, and 12.7.0.0 series. To mitigate risk, administrators must apply patches immediately and utilize Ivanti's Exploitation Detection RPM package to assess potential compromise. Security teams should review generated logs for indicators of malicious activity. Immediate action is required to prevent unauthorized access and potential data breaches within enterprise mobile infrastructure.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is informing users about an Ivanti Endpoint Manager vulnerability, tracked as CVE-2026-1340. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch before April 11, 2026. Ivanti addressed the vulnerability in its February security updates. The code injection vulnerability may allow attackers to achieve unauthenticated remote code execution. Qualys Threat Intelligence assigned a Qualys Vulnerability Score … Continue reading "CISA added Ivanti EPMM Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2026-1340)"

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-1340, a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM), to its Known Exploited Vulnerabilities (KEV) catalog. This flaw allows unauthenticated attackers to achieve remote code execution, posing a severe risk to organizations managing mobile devices. Qualys assigned a Vulnerability Score of 95, indicating active exploitation in the wild. Ivanti has released security updates to address the issue, with a mandatory patching deadline of April 11, 2026. Affected versions include Ivanti EPMM 12.5.0.0, 12.6.0.0, and 12.7.0.0 series. To mitigate risk, administrators must apply patches immediately and utilize Ivanti's Exploitation Detection RPM package to assess potential compromise. Security teams should review generated logs for indicators of malicious activity. Immediate action is required to prevent unauthorized access and potential data breaches within enterprise mobile infrastructure. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is informing users about an Ivanti Endpoint Manager vulnerability, tracked as CVE-2026-1340. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch before April 11, 2026. Ivanti addressed the vulnerability in its February security updates. The code injection vulnerability may allow attackers to achieve unauthenticated remote code execution. Qualys Threat Intelligence assigned a Qualys Vulnerability Score … Continue reading "CISA added Ivanti EPMM Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2026-1340)" The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is informing users about an Ivanti Endpoint Manager vulnerability, tracked as CVE-2026-1340. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog , urging users to patch before April 11, 2026. Ivanti addressed the vulnerability in its February security updates. The code injection vulnerability may allow attackers to achieve unauthenticated remote code execution. Qualys Threat Intelligence assigned a Qualys Vulnerability Score (QVS) of 95 to CVE-2026-1340. Qualys Vulnerability Score (QVS) is a Qualys-assigned score for a vulnerability based on multiple factors associated with the CVE, such as CVSS scores and external threat indicators like active exploitation, exploit code maturity, CISA known exploits, and more. Ivanti Endpoint Manager Mobile (EPMM) is an on-premise Unified Endpoint Management (UEM) platform designed to secure and manage mobile devices, applications, and content. It enables IT administrators to enforce security policies, manage device lifecycles (iOS, Android, Windows, macOS), and protect corporate data on company-owned or BYOD devices. Ivanti released an Exploitation Detection RPM package for its users to help them assess potential exploitation. Users can run the RPM package on their appliance to download the SHOWTECH logs to view the tool’s output. Users should then review the output with their security team to verify the results and determine potential impact. The RPM tool looks for specific indicators related to known malicious activity. Affected and Patched Versions Product Name Affected Versions Resolved Versions Ivanti Endpoint Manager Mobile 12.5.0.0 and prior 12.6.0.0 and prior 12.7.0.0 and prior RPM 12.x.0.x Ivanti Endpoint Manager Mobile 12.5.1.0 and prior 12.6.1.0 and prior RPM 12.x.1.x For more information, please refer to the Ivanti Security Advisory . Qualys Detection Qualys customers can scan their devices with QIDs 733655 and 530890 to detect vulnerable assets. Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities. References https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US