A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
An attacker sends a specially crafted network request to the vulnerable Ivanti EPMM component without needing any credentials. The code injection vulnerability (CWE-94) allows injection and execution of arbitrary code on the server side. The attack vector is network-based (AV:N), requires no user interaction or elevated privileges, making it trivial to perform from any location on the network.
An attacker can gain full control over the Ivanti EPMM server, including reading or modifying data and disrupting the mobile device management system operation. As a result, access to managed end-user devices, user data, and organizational infrastructure is possible.
Patches available from the vendor should be applied according to the references — details are in the official Ivanti advisory available at the address provided in the references. Due to active exploitation of the vulnerability in production environments, the update should be performed immediately.
Ivanti Endpoint Manager Mobile (EPMM) — versions indicated in the vendor's references (Ivanti advisory: CVE-2026-1281 / CVE-2026-1340)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIvanti Endpoint Manager Mobile
APPIvanti≤ 12.7.0.0
CISA KEV — detailsi
- Vendori
- Ivanti ↗
- Producti
- Endpoint Manager Mobile (EPMM)
- Added to KEVi
- April 8, 2026
- Remediation deadline (US Federal)i
- April 11, 2026(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Related vulnerabilities
Krytyczny code injection w Ivanti Endpoint Manager Mobile (RCE bez uwierzytelnienia)
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access res...
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functiona...
Ivanti EPMM: obejście autoryzacji umożliwiające zdalne wykonanie poleceń
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of a...