A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
The flaw is based on the ability to inject and execute arbitrary code (CWE-94) in the Ivanti EPMM component. The attacker does not need any credentials or user interaction — network access to the vulnerable system is sufficient. The attack vector is network-based, with low complexity, making this vulnerability exceptionally easy to exploit in automated attacks.
Successful exploitation of the vulnerability gives the attacker full control over the system — it is possible to steal sensitive data, modify the configuration of mobile devices managed by EPMM, and conduct lateral movement within the organization's infrastructure.
Apply patches available from the vendor immediately according to the references (https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340). Due to active exploitation in production environments, it is recommended to restrict access to EPMM management interfaces exclusively to trusted IP addresses and increase anomaly monitoring until updates are applied.
Ivanti Endpoint Manager Mobile (EPMM) — versions specified in the vendor references (Ivanti advisory: CVE-2026-1281 / CVE-2026-1340)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIvanti Endpoint Manager Mobile
APPIvanti12.5.1.012.6.0.012.6.1.012.7.0.0≤ 12.5.0.0
CISA KEV — detailsi
- Vendori
- Ivanti ↗
- Producti
- Endpoint Manager Mobile (EPMM)
- Added to KEVi
- January 29, 2026
- Remediation deadline (US Federal)i
- February 1, 2026(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Related vulnerabilities
Code injection w Ivanti EPMM umożliwiający nieuwierzytelniony RCE
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access res...
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functiona...
Ivanti EPMM: obejście autoryzacji umożliwiające zdalne wykonanie poleceń
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of a...