CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January.
Tracked as CVE-2026-1340, the code injection flaw enables threat actors without privileges to gain remote code execution on unpatched, Internet-exposed EPMM appliances.
Ivanti flagged this flaw and a second security bug (CVE-2026-1281) as exploited in zero-day attacks when it released security updates on January 29 to patch both vulnerabilities. The company "strongly" encouraged all customers to update their systems to block ongoing exploitation.
"Successful exploitation could lead to unauthenticated remote code execution. We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure," the company said at the time.
Internet security watchdog group Shadowserver is currently tracking nearly 950 IP addresses with Ivanti EPMM fingerprints still exposed online, most of them from Europe (569) and North America (206). However, there is no information on how many of them have already been patched.
Ivanti EPMM appliances exposed online (Shadowserver)
On Monday, the U.S. Cybersecurity and Infrastructure Security Agency added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to patch their EPMM systems by Saturday midnight, April 11, as mandated by Binding Operational Directive (BOD) 22-01.
"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA warned. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
CISA advised all defenders, including those in the private sector, to prioritize applying patches for CVE-2026-1340 to secure their organizations' devices as soon as possible, even though BOD 22-01 applies only to U.S. federal agencies.
Multiple other Ivanti vulnerabilities have been exploited in recent years via zero-day attacks to breach a wide range of targets, including government agencies worldwide.