Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks.
The flaws are code-injection vulnerabilities that allow remote attackers to execute arbitrary code on vulnerable devices without authentication. Both vulnerabilities have a CVSS score of 9.8 and are rated as critical.
"We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure," warns Ivanti.
Ivanti has released RPM scripts to mitigate the vulnerabilities for affected EPMM versions:
Use RPM 12.x.0.x for EPMM versions 12.5.0.x, 12.6.0.x, and 12.7.0.x
Use RPM 12.x.1.x for EPMM versions 12.5.1.0 and 12.6.1.0
The company says there is no downtime required to apply the patches and that there is no functional impact, so it is strongly advised to apply them as soon as possible.
However, the company does warn that the hotfixes do not survive a version upgrade and must be reapplied if the appliance is upgraded before a permanent fix is available.
The vulnerabilities will be permanently fixed in EPMM version 12.8.0.0, which will be released later in Q1 2026.
Ivanti says successful exploitation allows attackers to execute arbitrary code on the EPMM appliance, allowing attackers access to a wide range of information stored on the platform.
... continue reading