Urgent CISA Directive: Patch Critical Ivanti EPMM Vulnerability CVE-2026-1340 by April 11

Severity: Critical (Score: 80.2)

Sources: Crn, Bleepingcomputer, nvd.nist.gov, news.google.com, Cybersecuritynews

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that U.S. federal agencies patch a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1340, by April 11, 2026. This code injection flaw allows unauthenticated attackers to execute arbitrary code on unpatched systems, posing significant risks to federal and private sector organizations. The vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) catalog on April 8, 2026, following confirmed exploitation in real-world attacks. Ivanti had previously disclosed the flaw in January 2026, alongside another vulnerability (CVE-2026-1281), both of which have been actively exploited. CISA's directive emphasizes the urgency for all organizations to prioritize remediation efforts to mitigate potential breaches. Security researchers have identified numerous EPMM instances still exposed online, increasing the risk of exploitation. Organizations are urged to apply vendor-recommended patches immediately to secure their systems. Key Points: • CISA has ordered federal agencies to patch CVE-2026-1340 by April 11, 2026. • The vulnerability allows unauthenticated remote code execution on Ivanti EPMM systems. • Numerous EPMM instances remain exposed online, heightening the risk of exploitation.

Key Entities

• DragonBreath (apt_group)
• Silver Fox (apt_group)
• Data Breach (attack_type)
• Phishing (attack_type)
• Zero-day Exploit (attack_type)
• Ivanti (company)
• Netherlands (country)
• CVE-2026-1281 (cve)
• CVE-2026-1340 (cve)
• Government (industry)
• Roningloader (malware)
• T1190 - Exploit Public-Facing Application (mitre_attack)
• T1203 - Exploitation for Client Execution (mitre_attack)
• T1566 - Phishing (mitre_attack)
• Google Chrome (tool)
• Ivanti Endpoint Manager Mobile (platform)