US EditionIvanti's January Bad Luck Continues as 0-Days Hit Customers
Ivanti released patches for two critical zero-day flaws rated 9.8 CVSS, enabling remote code execution and data access on on-premises EPMM appliances.
- This year, Ivanti released RPM hotfix scripts for two critical EPMM zero-days and urged administrators and customers to apply them soon with no downtime.
- Security notices say the flaws involve CVE-2026-1281 and CVE-2026-1340, code-injection bugs in Ivanti Endpoint Manager Mobile triggered via In‑House Application Distribution and Android File Transfer Configuration with exploits logged in Apache access log .
- The flaws are rated CVSS 9.8, enabling attackers to access administrator and user account data, device identifiers, and execute arbitrary code on Ivanti Endpoint Manager Mobile.
- CISA confirmed active exploitation by adding CVE-2026-1281 to its Known Exploited Vulnerabilities catalog, and federal civilian agencies must apply mitigations or discontinue vulnerable systems by February 1, 2026 under Binding Operational Directive 22-01.
- If you suspect compromise, restore from a known-good backup or rebuild, and review GET requests with bash commands using the Ivanti detection regex, as hotfixes do not survive upgrades before version 12.8.0.0.
13 Articles
13 Articles
Ivanti's January bad luck continues as 0-days hit customers
Consider yourselves compromised, experts warn Ivanti has patched two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product that are already being exploited, continuing a grim run of January security incidents for enterprise IT vendors.…
Ivanti patches two actively exploited critical vulnerabilities in EPMM
IT software company Ivanti released patches for its Endpoint Manager Mobile (EPMM) product to fix two new remote code execution vulnerabilities already under attack in the wild. “We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure,” the company said in a security advisory that identifies the new flaws as CVE-2026-1281 and CVE-2026-1340. Both issues are described by Ivanti as code injecti…
Ivanti Fixes Actively Exploited RCE Flaws in Endpoint Manager Mobile
Ivanti has issued security updates to fix two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) that have been actively exploited in the wild. The flaws allow unauthenticated attackers to remotely execute arbitrary code on affected systems. The vulnerabilities “… could lead to unauthenticated remote code execution. We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure,” sa…
Global Security Mag Online
Global Security Mag OnlineMultiple vulnerabilities have been discovered in Ivanti Endpoint Manager Mobile (EPMM). They allow an attacker to cause arbitrary code execution at a distance. Ivanti indicates that CVE-2026-1281 and CVE-2026-1340 vulnerabilities are actively exploited within the framework of... See online: https://www.cert.ssi.gouv.fr/avis/C...
Ivanti Patches Two Exploited Zero-Days In Mobile Manager
Two code injection vulnerabilities allowed unauthenticated attackers to execute arbitrary code and access sensitive device information across compromised networks. Ivanti released emergency patches for two critical zero-day vulnerabilities in Endpoint Manager Mobile after discovering attackers exploited the flaws to compromise customer systems. The company confirmed a limited number of organizations fell victim to attacks leveraging CVE-2026-128…
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
