CISA Urges Urgent Patching of Critical Ivanti EPMM Vulnerability CVE-2026-1340

Severity: Critical (Score: 80.8)

Sources: Crn, Gbhackers, Cybersecuritynews, Securityaffairs.Co, Bleepingcomputer

Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1340. This code injection flaw allows unauthenticated attackers to execute arbitrary code on affected devices, posing significant risks to federal and private sector organizations. CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on April 8, 2026, after confirming its active exploitation in real-world attacks. Federal agencies have until April 11, 2026, to patch their systems as mandated by Binding Operational Directive (BOD) 22-01. The vulnerability has a CVSS score of 9.8, indicating its critical nature. CISA advises all organizations to prioritize patching to mitigate potential threats. Currently, nearly 950 IP addresses with Ivanti EPMM fingerprints remain exposed online. The situation is exacerbated by the history of Ivanti vulnerabilities being exploited in various cyberattacks, including ransomware campaigns. Key Points: • CISA has mandated federal agencies to patch CVE-2026-1340 by April 11, 2026. • The vulnerability allows unauthenticated remote code execution on Ivanti EPMM systems. • CISA advises all organizations, not just federal, to prioritize patching due to active exploitation.

Key Entities

• DragonBreath (apt_group)
• Silver Fox (apt_group)
• Data Breach (attack_type)
• Phishing (attack_type)
• Zero-day Exploit (attack_type)
• Ivanti (company)
• CVE-2026-1281 (cve)
• CVE-2026-1340 (cve)
• Government (industry)
• Roningloader (malware)
• T1190 - Exploit Public-Facing Application (mitre_attack)
• T1203 - Exploitation for Client Execution (mitre_attack)
• T1566 - Phishing (mitre_attack)
• Google Chrome (tool)
• Ivanti Endpoint Manager Mobile (platform)