Urgent CISA Directive: Patch Critical Ivanti EPMM Vulnerability CVE-2026-1340 by April 11

Urgent CISA Directive: Patch Critical Ivanti EPMM Vulnerability CVE-2026-1340 by April 11

First seen 8 Apr 2026, 20:17 UTC BleepingcomputerCrnSecurityaffairs.CoGbhackersCybersecuritynews+9 92% similarity 80.2

Article Content

Browse articles
ThreatCluster

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that U.S. federal agencies patch a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1340, by April 11, 2026. This code injection flaw allows unauthenticated attackers to execute arbitrary code on unpatched systems, posing significant risks to federal and private sector organizations. The vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) catalog on April 8, 2026, following confirmed exploitation in real-world attacks. Ivanti had previously disclosed the flaw in January 2026, alongside another vulnerability (CVE-2026-1281), both of which have been actively exploited. CISA's directive emphasizes the urgency for all organizations to prioritize remediation efforts to mitigate potential breaches. Security researchers have identified numerous EPMM instances still exposed online, increasing the risk of exploitation. Organizations are urged to apply vendor-recommended patches immediately to secure their systems.

Key Points: • CISA has ordered federal agencies to patch CVE-2026-1340 by April 11, 2026. • The vulnerability allows unauthenticated remote code execution on Ivanti EPMM systems. • Numerous EPMM instances remain exposed online, heightening the risk of exploitation.

ThreatCluster AI

Timeline

2026-01-29
CVE-2026-1340 published and flagged for active exploitation
2026-01-29
CVE-2026-1281 published
2026-04-08
CISA adds CVE-2026-1340 to KEV catalog
2026-04-11
Deadline for federal agencies to patch CVE-2026-1340

Community

Browse all →