CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2026-1281

CVSS 9.8v3.1pub. 2026-01-29upd. 2026-01-30

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

🤖 AI Analysis
How it works

The flaw is based on the ability to inject and execute arbitrary code (CWE-94) in the Ivanti EPMM component. The attacker does not need any credentials or user interaction — network access to the vulnerable system is sufficient. The attack vector is network-based, with low complexity, making this vulnerability exceptionally easy to exploit in automated attacks.

Impact

Successful exploitation of the vulnerability gives the attacker full control over the system — it is possible to steal sensitive data, modify the configuration of mobile devices managed by EPMM, and conduct lateral movement within the organization's infrastructure.

Mitigation & patch

Apply patches available from the vendor immediately according to the references (https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340). Due to active exploitation in production environments, it is recommended to restrict access to EPMM management interfaces exclusively to trusted IP addresses and increase anomaly monitoring until updates are applied.

Who is affected

Ivanti Endpoint Manager Mobile (EPMM) — versions specified in the vendor references (Ivanti advisory: CVE-2026-1281 / CVE-2026-1340)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ivanti Endpoint Manager Mobile

    APP
    Ivanti
    12.5.1.012.6.0.012.6.1.012.7.0.0≤ 12.5.0.0

CISA KEV — detailsi

Vendori
Ivanti
Producti
Endpoint Manager Mobile (EPMM)
Added to KEVi
January 29, 2026
Remediation deadline (US Federal)i
February 1, 2026(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 1 lutego 2026
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-1340CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Code injection w Ivanti EPMM umożliwiający nieuwierzytelniony RCE

CVE-2023-35082CRITICAL9.8⚠ KEVten sam produkt

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access res...

CVE-2023-35078CRITICAL9.8⚠ KEVten sam produkt

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functiona...

CVE-2024-36130CRITICAL9.8PL ✓ten sam produkt

Ivanti EPMM: obejście autoryzacji umożliwiające zdalne wykonanie poleceń

CVE-2023-39337CRITICAL9.1ten sam produkt

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of a...

CVE-2026-1281 — Ivanti — Endpoint Manager Mobile — CRITICAL — CVSS 9.8 | CVEbaza.pl