CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2026-1340

CVSS 9.8v3.1pub. 2026-01-29upd. 2026-04-09

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

🤖 AI Analysis
How it works

An attacker sends a specially crafted network request to the vulnerable Ivanti EPMM component without needing any credentials. The code injection vulnerability (CWE-94) allows injection and execution of arbitrary code on the server side. The attack vector is network-based (AV:N), requires no user interaction or elevated privileges, making it trivial to perform from any location on the network.

Impact

An attacker can gain full control over the Ivanti EPMM server, including reading or modifying data and disrupting the mobile device management system operation. As a result, access to managed end-user devices, user data, and organizational infrastructure is possible.

Mitigation & patch

Patches available from the vendor should be applied according to the references — details are in the official Ivanti advisory available at the address provided in the references. Due to active exploitation of the vulnerability in production environments, the update should be performed immediately.

Who is affected

Ivanti Endpoint Manager Mobile (EPMM) — versions indicated in the vendor's references (Ivanti advisory: CVE-2026-1281 / CVE-2026-1340)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ivanti Endpoint Manager Mobile

    APP
    Ivanti
    ≤ 12.7.0.0

CISA KEV — detailsi

Vendori
Ivanti
Producti
Endpoint Manager Mobile (EPMM)
Added to KEVi
April 8, 2026
Remediation deadline (US Federal)i
April 11, 2026(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 11 kwietnia 2026
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-1281CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Krytyczny code injection w Ivanti Endpoint Manager Mobile (RCE bez uwierzytelnienia)

CVE-2023-35082CRITICAL9.8⚠ KEVten sam produkt

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access res...

CVE-2023-35078CRITICAL9.8⚠ KEVten sam produkt

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functiona...

CVE-2024-36130CRITICAL9.8PL ✓ten sam produkt

Ivanti EPMM: obejście autoryzacji umożliwiające zdalne wykonanie poleceń

CVE-2023-39337CRITICAL9.1ten sam produkt

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of a...