January 2026 EPMM Security Update

Ivanti has released a critical security update addressing vulnerabilities within its on-premises Endpoint Manager Mobile (EPMM) product. Active exploitation has been confirmed among a limited number of customers, necessitating immediate remediation. The vulnerabilities do not affect Ivanti's cloud-based solutions, such as Neurons for MDM, or other products like Ivanti EPM and Sentry. Defenders are urged to install the provided security patch promptly to mitigate risks associated with this sophisticated threat landscape. Ivanti has coordinated with government agencies and security partners to facilitate risk assessment and defense deployment. Technical analysis and log analysis guidance are available to support forensic investigation. Customers should consult the Security Advisory for detailed remediation instructions. This update underscores the importance of proactive patching for on-premises management infrastructure to prevent unauthorized access and potential compromise of managed endpoints within enterprise environments.

At Ivanti, responsible transparency is a cornerstone of our commitment to customer security and trust. We have a long-standing commitment to provide information that allows our customers and the broader security ecosystem to take proactive measures to safeguard their environments, while mitigating the risks of a rapidly evolving and highly sophisticated threat landscape. To this end, we are issuing an important security update addressing vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). More information can be found in the Security Advisory. At the time of disclosure, we are aware of a very limited number of customers whose solution has been exploited. The issue affects only the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products. We urge all customers using the on-prem EPMM product to promptly install the Security Update. As we respond to this situation, we are making the following information available to defenders now: Our Security Advisory , which describes the nature of the vulnerabilities and detailed remediation instructions for customers. A Technical Analysis that includes affected endpoint specifics and log analysis guidance to support investigation and forensics. We have a longstanding commitment to responsibly share information through Ivanti channels, as well as through coordination with government agencies and trusted security partners, to help defenders assess risk, prioritize remediation, and deploy defenses effectively. In this case, we determined that early proactive release of technical details concurrent with the patch aligns with responsible disclosure and arms defenders to best mitigate potential exploitation. Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti has released a critical security update addressing vulnerabilities within its on-premises Endpoint Manager Mobile (EPMM) product. Active exploitation has been confirmed among a limited number of customers, necessitating immediate remediation. The vulnerabilities do not affect Ivanti's cloud-based solutions, such as Neurons for MDM, or other products like Ivanti EPM and Sentry. Defenders are urged to install the provided security patch promptly to mitigate risks associated with this sophisticated threat landscape. Ivanti has coordinated with government agencies and security partners to facilitate risk assessment and defense deployment. Technical analysis and log analysis guidance are available to support forensic investigation. Customers should consult the Security Advisory for detailed remediation instructions. This update underscores the importance of proactive patching for on-premises management infrastructure to prevent unauthorized access and potential compromise of managed endpoints within enterprise environments. At Ivanti, responsible transparency is a cornerstone of our commitment to customer security and trust. We have a long-standing commitment to provide information that allows our customers and the broader security ecosystem to take proactive measures to safeguard their environments, while mitigating the risks of a rapidly evolving and highly sophisticated threat landscape. To this end, we are issuing an important security update addressing vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). More information can be found in the Security Advisory. At the time of disclosure, we are aware of a very limited number of customers whose solution has been exploited. The issue affects only the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products. We urge all customers using the on-prem EPMM product to promptly install the Security Update. As we respond to this situation, we are making the following information available to defenders now: Our Security Advisory , which describes the nature of the vulnerabilities and detailed remediation instructions for customers. A Technical Analysis that includes affected endpoint specifics and log analysis guidance to support investigation and forensics. We have a longstanding commitment to responsibly share information through Ivanti channels, as well as through coordination with government agencies and trusted security partners, to help defenders assess risk, prioritize remediation, and deploy defenses effectively. In this case, we determined that early proactive release of technical details concurrent with the patch aligns with responsible disclosure and arms defenders to best mitigate potential exploitation. Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program. At Ivanti, responsible transparency is a cornerstone of our commitment to customer security and trust. We have a long-standing commitment to provide information that allows our customers and the broader security ecosystem to take proactive measures to safeguard their environments, while mitigating the risks of a rapidly evolving and highly sophisticated threat landscape. To this end, we are issuing an important security update addressing vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). More information can be found in the Security Advisory. At the time of disclosure, we are aware of a very limited number of customers whose solution has been exploited. The issue affects only the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products. We urge all customers using the on-prem EPMM product to promptly install the Security Update. As we respond to this situation, we are making the following information available to defenders now: Our Security Advisory , which describes the nature of the vulnerabilities and detailed remediation instructions for customers. A Technical Analysis that includes affected endpoint specifics and log analysis guidance to support investigation and forensics. We have a longstanding commitment to responsibly share information through Ivanti channels, as well as through coordination with government agencies and trusted security partners, to help defenders assess risk, prioritize remediation, and deploy defenses effectively. In this case, we determined that early proactive release of technical details concurrent with the patch aligns...