Bleepingcomputer
Critical Ivanti EPMM Vulnerabilities Under Active Exploitation
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Two critical vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM), CVE-2026-1281 and CVE-2026-1340, have been actively exploited in the wild, allowing unauthenticated remote code execution (RCE) with a CVSS score of 9.8. These vulnerabilities were disclosed on January 29, 2026, and have since been added to CISA's Known Exploited Vulnerabilities catalog. Exploitation has been observed across various sectors, including government and healthcare, with attackers leveraging these flaws to gain unauthorized access to sensitive device management data. The vulnerabilities stem from code injection issues in the In-House Application Distribution and Android File Transfer Configuration features of EPMM. Ivanti has released emergency patches and advised organizations to apply them immediately to mitigate risks. However, the patches do not survive version upgrades, necessitating ongoing vigilance. The attack vector has been linked to a broader trend of rapid exploitation following vulnerability disclosures, raising concerns about the security of mobile device management systems.
Key Points: • CVE-2026-1281 and CVE-2026-1340 allow unauthenticated RCE with a CVSS score of 9.8. • Exploitation has been confirmed across various sectors, including government and healthcare. • Ivanti has released emergency patches, but they do not persist through version upgrades.