CISA Urges Rapid Patching for Critical Ivanti EPMM Vulnerability

Severity: High (Score: 72.9)

Sources: Crn, Securityaffairs.Co, Bleepingcomputer

Summary

CISA has mandated U.S. government agencies to patch a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1340, by April 11, 2026. This code injection flaw allows unauthorized threat actors to achieve remote code execution on unpatched EPMM appliances. The vulnerability has been exploited in attacks since January 2026, with Ivanti reporting a limited number of affected customers at the time of disclosure. Shadowserver is monitoring around 950 IP addresses with exposed Ivanti EPMM fingerprints, primarily in Europe and North America. CISA added CVE-2026-1340 to its Known Exploited Vulnerabilities Catalog on April 8, 2026, highlighting its potential to be a significant attack vector. Ivanti had previously released patches for this and another vulnerability (CVE-2026-1281) on January 29, 2026. CISA's directive applies to Federal Civilian Executive Branch agencies but urges all organizations to prioritize patching. The vulnerability has a severity score of 9.8 out of 10, indicating its critical nature. Key Points: • CISA mandates patching of CVE-2026-1340 by April 11, 2026. • The vulnerability allows remote code execution on unpatched Ivanti EPMM systems. • Around 950 IP addresses with exposed Ivanti EPMM fingerprints are being monitored.

Key Entities

• Zero-day Exploit (attack_type)
• Ivanti (company)
• CVE-2026-1281 (cve)
• CVE-2026-1340 (cve)
• Government (industry)
• T1190 - Exploit Public-Facing Application (mitre_attack)
• T1203 - Exploitation for Client Execution (mitre_attack)
• Ivanti Endpoint Manager Mobile (platform)